Police leader criticizes ‘careless’ security lapse in COVID-19 patient data 

"The Minnesota Department of Health and the Minnesota Department of Public Safety have failed first responders."

Image credit: Twitter via @GovTimWalz

The head of a Minnesota police union is calling for an investigation after a Monday report claimed that some personal information of COVID-19 patients was compromised.

Gov. Tim Walz signed an executive order in April authorizing the Minnesota Department of Public Safety to share the addresses of contagious COVID-19 patients with 911 dispatchers and first responders.

That information was supposed to be “encrypted in transit” and provided “only to the minimum number of people necessary [to] accomplish the purpose of this order.”

“I have determined that limited information — the addresses where a positive COVID-19 test result has been obtained and the individual tested is still contagious to others — should be disclosed via the Department of Public Safety Public Safety Answering Point (‘911’) dispatchers and first responders in a very limited fashion to control and prevent the spread of COVID-19,” Walz said in the order.

“This decision is not taken lightly. We must ensure that this health information is disclosed only to those who have an emergent need to know it, and we must implement safeguards to ensure that no one abuses this data. Minnesota has a strong tradition of protecting the private data of its citizens,” he continued.

But documents obtained by 5 Eyewitness News appear to show that, in some cases, the addresses of all contagious COVID-19 patients were shared with every 911 dispatch center in the state.

“Instead of the City of Minneapolis receiving only addresses in Minneapolis, it has been receiving addresses for what appears to be the entire state since Aug. 18, 2020,” said one email obtained by the outlet and sent by a city attorney.

According to 5 Eyewitness News’ report, the state put a pause on distributing the data a day after the email was sent.

The Minnesota Police and Peace Officers Association explained it this way: “The Governor’s executive order required the Minnesota Department of Public Safety and Minnesota Department of Health to share only the addresses of patients who tested positive for COVID-19 through strict security protocols and precautions, specifically to applicable 911 dispatch centers. This information was to particularly benefit first responders, like police and firefighters, and very specific data security precautions were outlined in the executive order. Those security precautions were not followed, and data was sent insecurely to all dispatch centers, potentially compromising the data.”

Brian Peters, executive director of the police association, said the information has been “extremely lagging” ever since the governor’s executive order was signed.

“The Minnesota Department of Health and the Minnesota Department of Public Safety have failed first responders. Because they were unprepared and careless, first responders are now at additional risk,” he said in a press release.

Peters said he has concerns about “how the Department of Health can choose to ‘pause’ part of the governor’s executive order and not fulfill its lawful responsibilities.”

“The governor and his administration need to be held accountable for this information being mishandled, and correct this wrong immediately,” he continued. “We urge investigations on why this information wasn’t treated with more respect — and mishandled at the expense of privacy as well as law enforcement.”