What’s $2,500 times a lot?
If budding liability claims for inappropriate use of the state’s driver’s license database have teeth, a multitude of Minnesota cities, counties and state agencies could soon find out.
Many of those entities are backstopped by insurance and rainy-day funds that would soften the blow of potential payouts. But the sheer scope of the alleged violations suggests those funds could be on the hook for millions of dollars — and the Legislature might have to appropriate millions more to settle claims against state agencies.
At this stage, “to even begin to put a dollar amount on it, it’s really too early to tell,” said Pete Tritz, director of the League of Minnesota Cities Insurance Trust.
The LMCIT is representing dozens of cities that have been notified of driver’s license claims. It currently faces 124 claims against 90 member cities.
Federal laws governing license data privacy set minimum damages for misuse at $2,500 per incident, plus attorney’s fees.
The tally is far from final, since lawyers are rounding up potential plaintiffs and several key legal questions — such as class certification for those who say their data were misused — have yet to be tackled. But a few high-profile claims hint at the scope and potential cost.
Brooke Bass, a former police union lawyer who claims her driver’s license data was pulled more than 750 times by almost 100 entities — many of them city police departments — could be entitled to
damages approaching $2 million. She’s suing a host of cities, counties and state agencies.
Hilary DeVary, a Lakeville private investigator who says her data was searched for more than 150 times, could get more than $400,000.
Those are the statutory minimums. Bass’ attorneys are seeking more. And the five law firms currently handling driver’s license privacy cases have hundreds of other clients waiting in the wings, some of whom claim to have had their license data pulled dozens or hundreds of times.
William McGeveran, a privacy-law expert and law professor at the University of Minnesota, said he hasn’t seen driver’s license data claims on this scale before.
“I don’t think we yet know what the scope of the entire damages could be,” he said.
The LMCIT maintains a claims pot designed to cover $15 million a year in losses, plus a $95 million reserve fund. It also carries its own insurance as a hedge against large payouts.
Though it’s early in the process, the trust “has alerted our reinsurance partners that this situation is going on,” Tritz said
“It’s a situation we’re taking very seriously,” he said.
The LMCIT isn’t alone in facing claims. The Minnesota Counties Intergovernmental Trust, which fills a similar role for member counties, has been notified of about two dozen driver’s license claims to date.
Some larger cities and counties don’t belong to either group. They defend themselves against claims and pay settlements from their own fund balances.
The state could be a target too. Bass is suing the Department of Natural Resources and Department of Public Safety. Both agencies are also named as defendants in a federal lawsuit over allegedly inappropriate driver’s license data queries made by former DNR officer John Hunt.
If the state is held liable for all of the 19,000 searches Hunt is accused of making, the damages in that case alone could top $47 million.
Hunt was fired in January and faces criminal charges.
That kind of money would likely have to come from a special appropriation from the Legislature. It wouldn’t be unprecedented: The Legislature set aside $38 million to settle claims against the Minnesota Department of Transportation after the 2007 Interstate 35W bridge collapse.
The payouts are no sure thing. Cities, counties and the state could reach settlement deals with claimants for less than federal law calls for.
They could also fight the claims in court. Many people sue public entities, said Robyn Sykes, executive director of the counties’ trust — and the trust is willing to push back.
“We’re very, very aggressive” in defending against claims, she said.
She said that the current round of claims is still “pretty darn new,” and that the MCIT is still reviewing the facts.
If cities and counties can show their policies and controls governing driver’s license data were adequate — and that any violations were the work of rogue individuals — they could escape liability, McGeveran said.
Defendants could argue “we told them not to, we did training, and then they broke the rules,” he said. Plaintiffs likely will counter by saying the “structure of the system invited abuse.”
In the Hunt lawsuit, filed in February, the plaintiffs argue that the DNR and DPS “have lax policies or lax enforcement of these policies that allow for intrusions.”
The Bass lawsuit, filed in April, called license privacy violations “an established, well-known, and pervasive problem with law enforcement” that agency heads “are unwilling to properly address.”
In some ways, McGeveran said, the flood of claims is a sign the system is working. The federal law that dictates damages was designed to regulate the issues via litigation rather than by a central authority.
The law, the Driver’s Privacy Protection Act, was passed in 1994 after several crimes tied to abuse of license data like stalking and harassment. Among those was the murder of 21-year-old actress Rebecca Schaeffer by an obsessed fan who located her through driver’s license records.
If the claims of abuse prove true, McGeveran said, they could be a sign the system’s users were too comfortable having sensitive information at their fingertips.
“People are accustomed to having information available at the touch of a button,” he said.
Marino Eccher can be reached at 651-228-5421. Follow him at twitter.com/marinoeccher