2013 Legislative issues

MNCOGI 2013 legislative issues: executive summary

LPR (License Plate Recognition) Data
• MNCOGI position: LPR data should be classified as “not public” data for a very short time period. A retention scheme should be instituted, under which non-“hit” LPR data would be quickly purged during its brief, initial status as “not public” data. The remaining “hit” data should be maintained as public “incident” data.

Criminal Intelligence Data
• MNCOGI position: Any “criminal intelligence data” classification written into Chapter 13 should not convert currently public categories of data into “not public” data, unless such a change serves a narrowly tailored, compelling public interest.

Citizen e-mails submitted to municipalities
• MNCOGI position: The Minnesota Legislature should not classify citizen e-mail addresses maintained by government entities as “not public” data. Instead, municipalities should consider providing citizens with a notification upon submission that their e-mail addresses will be maintained as public data.

Private contract, sub-contract data
• MNCOGI position: The Minnesota Legislature should reject any efforts to alter Minn. Stat 13.05 Subd. 11, or to alter Chapter 13 in any way so as to narrow the reach of Marshall Helmberger v. Johnson Controls, Inc., 821 N.W.2d 831 (Minn. App. 2012).

League of Minnesota Cities – proposed changes to Chapter 13
• MNCOGI position: The Data Practices Act should not be amended to allow government entities to charge additional fees for the inspection of government data. Similarly, Chapter 13 should not provide government entities with a mechanism to challenge the basis for a requester’s Data Practices Act request.

Expansion of definition of “public official” under Chapter 13
• MNCOGI Position: MNCOGI supports efforts to amend Minn. Stat. 13.43 so as to clarify that it applies to all employees working in a management capacity in any government entity.

Enforcement of the Data Practices Act
MNCOGI Position: MnCOGI will support legislation to replace the Act’s litigation enforcement requirement with a commission/commissioner method of enforcement.

MNCOGI 2013 legislative issues

What follows is a summary of government data issues likely to come before the Minnesota Legislature during the 2013 session. Also listed are MNCOGI’s formal positions on these issues.

LPR (License Plate Recognition) Data
Background: Minnesota law enforcement agencies are collecting and retaining millions of license plate image scans each year. Once captured, these scans are checked against a BCA database that includes warrant information, stolen vehicle information, as well as FBI data. An LPR system alerts its user if a captured license plate scan correlates to any information contained within the BCA database. Such “hit” data can provide leads for a variety of investigative purposes.

Most LPR data is retained for a period of time, but the retention period varies by agency. For example, Saint Paul currently retains data for 90 days, while the State Patrol retains data only for 48 hours.

Issues: Privacy concerns have been raised about LPR collection and retention schemes, given the fact that the license plate scans can be correlated to location, and thus can provide an approximate tracking of the movements of vehicles owned by particular individuals. LPR records are currently considered to be public data, and individual records can be requested from police agencies. The Star Tribune has run several stories related to this point, and was able to track the location of Minneapolis Mayor R.T. Ryback’s car via public requests for LPR data. The City of Minneapolis has recently requested that IPAD temporarily classify LPR data held by the Minneapolis Police Department as “not public” data.

How should the Legislature choose to classify this relatively new category of government data?

• MNCOGI position: LPR data should be classified as “not public” data for a very short time period. A retention scheme should be instituted, under which non-“hit” LPR data would be quickly purged during its brief, initial status as “not public” data. The remaining “hit” data should be maintained as public “incident” data under Minn. Stat. 13.82 Subd. 6.

If the Legislature does not alter the retention period of LRP data, all LPR data should remain public.

• MNCOGI rationale: So long as law enforcement agencies maintain large databases of LPR data without regard to its relation to potential criminal activity, all LPR data should remain public. This public classification is important to allow for press and public access to understand police use of the data, and to inform public policy debates over the length and/or necessity of LPR data retention.

MNCOGI believes that by adopting its proposed retention and classification scheme, law enforcement agencies can effectively use LPR data for criminal investigative purposes without compromising individual privacy more broadly.

Concerns have been raised over whether keeping LPR data public will enable harassment and stalking to occur, since patterns of individual movement could be divined from aggregated LPR data. MNCOGI believes that its proposed retention and classification scheme would alleviate this potential problem by limiting the scope and purposes for which LPR data is retained.

Criminal Intelligence Data
• Background: Since 2009, two attempts have been made to pass legislation that would amend Chapter 13 so as to create a new “criminal intelligence data” classification. The effect of enacting such a classification may be to reclassify certain now-public data as “criminal intelligence data,” thereby keeping the data from public review. This classification could potentially extend to public law enforcement data such as “request for service” or “incident” data.

During the 2009 legislative session, the initial criminal intelligence bill did not advance beyond committee. The 2010 Legislature subsequently passed SF 2725, which created a working group tasked with making recommendations related to criminal intelligence data. A revised criminal intelligence data bill (that incorporated some of the proposals brought forth by the SF 2725 working group) was introduced during the 2012 session, but it failed to gain traction.

• Issues: Law enforcement officials have sought to create a more broadly-defined criminal intelligence data classification in order to facilitate the collection of information about potential criminal actors and activities. They have also sought to keep such data “not public.” Law enforcement officials have also raised concerns about problems arising from accepting and maintaining law enforcement data from non-Minnesota agencies that operate under different (less open) data classification systems.

Civil liberties and privacy advocates have raised concerns about the creation and maintenance of “not public” police data bases that are not directly connected to active criminal investigations. These advocates cite the potential for the inclusion of erroneous information about innocent people, as well as political, religious, or racial profiling.

How should the Legislature address the matter of creating a “criminal intelligence data” classification?

• MNCOGI position: Any “criminal intelligence data” classification written into Chapter 13 should not convert currently public categories of data into “not public” data, unless such a change serves a narrowly tailored, compelling public interest. The existing provisions of the Data Practices Act strike a careful balance between public accountability, and the needs of law enforcement to keep certain sensitive data “not public.” MNCOGI aims to preserve that balance. Any proposed changes to the classification of existing law enforcement data should meet appropriate standards of necessity and constraint.

• Link: SF2725 Working Group report:

http://www.dps.mn.gov/divisions/bca/Documents/SF%202725%20final%20report.pdf

Citizen e-mail addresses submitted to municipalities

• Background: During the summer of 2012, several municipalities received requests to turn over lists of city resident e-mail addresses under the Data Practices Act. Such addresses were originally collected and maintained for several purposes, including providing crime updates, snow plowing alerts, and notices about other city functions.

A Maplewood resident made the requests in order to compile marketing lists for his wife’s political campaign. The city of Roseville complied with the data requests, while press reports indicated that other city governments actively resisted the requests by attempting to charge thousands of dollars in copying fees.

• Issue: Citizen e-mail addresses held by government agencies are currently considered to be public data. The League of Minnesota Cities is urging that this presumption be reversed. Should the Minnesota Legislature follow their lead, or keep the data classified as presumptively public?

• MNCOGI position: The Minnesota Legislature should not classify citizen e-mail addresses maintained by government entities as “not public” data. Instead, municipalities should consider providing citizens with a notification upon submission that their e-mail addresses will be maintained as public data. This way, citizens will be able to make an informed decision about their options when submitting such data.

• MNCOGI rationale: The Minnesota Data Practices Act considers all data “collected, created, received, maintained, or disseminated by a government entity” to be public unless otherwise classified. From the time that they were first collected by city governments, citizen e-mail addresses have been maintained as public data without substantial complaint or incident. The fact that government-maintained data has been used – in some instances – for commercial, marketing, or other purposes, should not result in the restriction of that data for all purposes. For instance, there may be legitimate reasons for the press to seek access to citizen e-mails (such as investigating how government entities use this information for their own communication purposes.) Providing citizens with proper notice – rather than converting the data to a “not public” classification – is the proper solution to the current controversy.

League of Minnesota Cities data compliance issues

• Background: In its “2013 City Policies” legislative document, the League of Minnesota Cities has urged several changes to Data Practices Act procedures that it considers to be overly burdensome. These proposed changes include a request to charge requesters for staff time used to facilitate the inspection of government data, as well as a proposal to allow cities to challenge whether a data request has been made “in good faith.”

• Issue: Since the inception of the Data Practices Act, requesters have been able to inspect government data free of charge, and have only been charged fees for the production of copies, or for the inspection of electronic data via “remote access.” Likewise, the Data Practices Act has never allowed government entities to challenge a requester’s right to make a data request. Should the Legislature change these fundamental tenets of the Data Practices Act now?

• MNCOGI position: The Data Practices Act should not be amended to allow government entities to charge additional fees for the inspection of government data. Similarly, Chapter 13 should not provide government entities with a mechanism to challenge the basis for a requester’s Data Practices Act request.

• MNCOGI rationale: The Data Practices Act was premised upon the presumption that government data is owned by the public, and that the public should be able to inspect the data that it owns. Fees have entered into the equation once a requester has sought to produce copies of data, or to obtain “remote access” to electronic files via computer. There is no reason to alter these long-standing arrangements. Doing so would undercut the foundational presumption that the public owns the data that government entities produce, and that it has a right to review such data without being charged for access.

In similar fashion, the Data Practices Act has never allowed government entities to refuse a request based upon any determination related to the supposed merits of that request. Doing so would undercut the foundational presumption that government data is open to the public in its entirety. Allowing government entities to challenge requesters (and thus pick and choose who they wish to respond to) would reverse the basic premise of Minnesota’s “open government” legal framework, placing the government itself in charge of who it wishes to disseminate information to.

• Link: League of Minnesota Cities “2013 City Policies” document:

http://www.lmnc.org/media/ ddocument/1/2013citypolicies.pdf?inline=true

Contracts, sub-contracts between private and public entities

• Background: In October, 2012 the Minnesota Court of Appeals decided Marshall Helmberger v. Johnson Controls, Inc. , 821 N.W.2d 831 (Minn. App. 2012). The controversy involved a data request made by Marshall Helmberger of the Timberjay Newspaper, and submitted to Johnson Controls, Inc.

Johnson Controls had contracted with Independent School District 2142 to provide construction and renovation services for several school buildings. Helmberger sought access to a subcontract related to the school project from the district itself, and then sought it directly from Johnson Controls after the district responded that it did not posses the subcontract. Johnson Controls denied Helmberger’s request, and maintained that it was outside the scope of the Data Practices Act.

The Court of Appeals ruled in favor or Helmberger, and overturned the earlier decision of an administrative law judge who had ruled for Johnson Controls. The Court of Appeals read the Data Practices Act broadly to include subcontracts that are derivative of the main contracts that a private entity holds with a government entity. The Minnesota Supreme Court has now accepted a petition from Johnson Controls seeking to overturn the Court of Appeals decision.

• Issue: Should Minnesota narrow the extent to which contracts and subcontracts related to business conducted with government entities are publicly available under the Data Practices Act?

• MNCOGI position: The Minnesota Legislature should reject any efforts to alter Minn. Stat 13.05 Subd. 11, or to alter Chapter 13 in any way so as to narrow the reach of the Court of Appeals holding in the Marshall Helmberger v. Johnson Controls, Inc. decision.

• MNCOGI rationale: The public has legitimate reasons to have access to information about public functions performed by private parties, just as it has cause to have access to information about public functions performed by public entities. A narrow construction of Chapter 13 would frustrate the ability of the public to oversee work performed in its name by private parties.

• Link: Marshall Helmberger v. Johnson Controls, Inc.

http://law.justia.com/cases/minnesota/court-of-appeals/2012/a12-327.html

Expansion of definition of “public official” under Chapter 13

• Background: In early 2012, the Star Tribune and Pioneer Press newspapers sought data regarding a separation agreement involving a former Burnsville School District official. A dispute arose regarding how much of the data was public under Minn. Stat. 13.43. IPAD issued an opinion detailing which portions of the data were public. During the 2012 legislative session, the Minnesota Legislature altered Chapter 13 to include additional detail regarding the definition of “public official” under Minn. Stat. 13.43.

Later in 2012, the Star Tribune requested data from the City of Minneapolis related to a separation agreement with a former employee – its Director of Regulatory Services. The city denied the request, due to its contention that the Director of Regulatory Services was not a public official as defined within Minn. Stat. 13.43.

• Issue: Should Minn. Stat. 13.43 be amended to expand its definition of “public official”?

• MNCOGI Position: MNCOGI supports efforts to amend Minn. Stat. 13.43 so as to clarify that it applies to all employees working in any management capacity in any government entity.

• MNCOGI Rationale: A broader description of “public official” in 13.43 would allow the public and the press access to a greater amount of data relating to the work of public officials, increasing oversight and accountability.

* Link: Star Tribune editorial on Minneapolis public official matter

http://www.startribune.com/opinion/editorials/176866701.html?refer=y

• Link to IPAD opinion on 2012 Burnsville School District matter

http://www.ipad.state.mn.us/opinions/2012/12006.html

Enforcement of the Data Practices Act

• Background: Since its inception, the Data Practices Act has relied on a litigation model to enforce its provisions. In this model, citizens are required to sue their government to force that government to carry out the will of the legislature. This model can frustrate citizens and gives government a convenient excuse to not carry out some of the Act’s legally and politically sensitive positions. Over the years, data practices experts and two independent citizen/government/legislative commissions have recommended that the legislature replace the litigation model with commission/commissioner model similar to that used in Canada and other parts of the world. These proposals have been strongly opposed by government associations. While acknowledging the utility of discarding the litigation model, the legislature has up to now resisted the commission/commissioner model based on cost considerations.

• Issue: Should the Data Practices Act’s current litigation enforcement model be replaced with a commission/commissioner model?

• MNCOGI Position: MNCOGI will support legislation to replace the Act’s litigation enforcement requirement with a commission/commissioner method of enforcement.

• MNCOGI Rationale: Establishment of a commission/commissioner type enforcement method has proven to be the most effective way to enforce data privacy/freedom of information laws in the balance of the modern world. Our provincial Canadian neighbors have demonstrated for a number of years that the use of independent professionals to enforce these types of laws is the most effective methodology.

MNCOGI believes that the cost deterrent to the establishment of a
commission/commissioner type model should be more closely examined in light of such recent developments as the ongoing settlement awards of over $1,000,000 to one individual for egregious privacy violations with minimal personal sanctions against the violators.

The ultimate question that ought to be addressed by the legislature is what is the best way to ensure maximum public access to government data, and enforcement of the fair information practices rights of individuals? MNCOGI believes that a commission/commissioner enforcement model is the best and most cost effective way to attain those objectives.

Office of the Information and Privacy Commissioner for Ontario
http://www.ipc.on.ca/english/Home-Page/

Office of the Information and Privacy Commissioner for British Columbia
http://www.oipc.bc.ca/

Recommendations of the Government Information Access Advisory Council (Minnesota)
http://stevenclift.com/?p=303