MILACA, Minn. (Legal Newsline) – Hundreds of Mille Lacs County, Minn. residents went to bed on July 1 with a million reasons to feel a little better.
On that day, a settlement was announced between residents and Mille Lacs County and Mikki Jo Peterick, a former child support investigator for the Mille Lacs County Department of Family Services, in a case that involved Peterick's unauthorized access of the personal information of over 260 county residents in a federal violation of the Driver’s Privacy Protection Act.
The settlement was the closing chapter in a civil suit that was initiated by concerned county residents in May 2013. The residents alleged that Peterick used her position to improperly access personal information and this was possible, in part, because the county did not have the appropriate security safeguards in place.
According to court records, because Peterick used computers from the Minnesota Department of Motor Vehicles, she had access to information that would include names, driver’s license numbers, addresses, driver’s license photos and all of the defining personal detail that appears on a driver's license. One of the questions which appears to be as yet unanswered is what Peterick was looking for.
"We do not know what Ms. Peterick’s motives were for accessing the information, and would be speculating," Kathryn M. Rattigan, an attorney at Robinson+Cole told the Legal Newsline. "The motive may have been simple curiosity; however, these types of data may be used for fraudulent activity as well."
The terms of the settlement include an initial payment of $1 million by Peterick and Mille Lacs County to the class action members.
From that, $100,000 will be set aside for class members who might opt out of the settlement; attorneys fees will be covered; and the Gulvig and Schmoll families, who initiated the suit, will receive $25,000 each for their position as representatives in the case.
The remainder of the settlement payment will by distributed to the class members with each receiving a portion based on the number of times their records were searched. An audit, conducted by the county, estimates that Peterick accessed the affected residents records 605 times between January 2009 and November 2012.
While data breaches seem to be consistently in the news, it is rare to see a settlement of this nature outside of the retail space.
"It is rare to see a county or municipality facing a class action such as this only because class actions for privacy violations and data breaches are typically brought against entities with deeper pockets so to speak," Rattigan said. "For example, companies like Target and Home Depot faced class actions for recent data breaches and paid out over $10 million and $19.5 million in settlements, respectively."
Although the Peterick/Mille Lacs County suit alleged that the county did not have an adequate security protocol, even if it did, it may not have been enough.
"The biggest lesson from this case is that employees are still the biggest threat to an organization’s data." Rattigan said.