STATE OF MINNESOTA Office of the State Auditor

Similar documents
STATE OF MINNESOTA Office of the State Auditor

STATE OF MINNESOTA Office of the State Auditor

STATE OF MINNESOTA Office of the State Auditor

STATE OF MINNESOTA Office of the State Auditor

TABLE OF CONTENTS. Introduction...

STATE OF MINNESOTA OFFICE OF THE STATE AUDITOR

GENERAL RECORD RETENTION SCHEDULE. For the

WASHINGTON COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

STATE OF MINNESOTA OFFICE OF THE STATE AUDITOR

Peace Officer Standards and Training Board July 1, 1997, through June 30, 2000

Government Data Practices Law Survey Legislative Commission on Data Practices December 22, House Research Department

No. 69. An act relating to automated license plate recognition systems. (S.18) It is hereby enacted by the General Assembly of the State of Vermont:

State of New Jersey OFFICE OF THE ATTORNEY GZNEP.A~ DEPARTMENT OF LAW AND PUBLIC SAFETY PO Box 080 TRENTON, NJ DIRECTIVE NO.

MEEKER COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT

Financial Audit Division Office of the Legislative Auditor State of Minnesota

Office of the Governor. Internal Controls and Compliance Audit. January 1, 2009, through December 31, 2010

STATE OF MINNESOTA OFFICE OF THE STATE AUDITOR

WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT

STATE OF MINNESOTA OFFICE OF THE STATE AUDITOR

CITY OF FROM: Chelsea Petersen, Assistant City Manager CHANHASSEN

STATE OF MINNESOTA OFFICE OF THE STATE AUDITOR

TEXAS DEPARTMENT OF PUBLIC SAFETY 5805 NORTH LAMAR BOULEVARD POST OFFICE BOX 4087, AUSTIN, TX /

O L A. Emergency Medical Services Regulatory Board July 1, 1997, through June 30, 2002 OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA

(d) "Incarceration" and "confinement" do not include electronic home monitoring.

THIRD AMENDMENT TO AGREEMENT. Between BROWARD COUNTY. And BROWARD COUNTY PROPERTY APPRAISER. And BROWARD COUNTY SHERIFF. And SUPERVISOR OF ELECTIONS

DAKOTA COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

LA14-24 STATE OF NEVADA. Performance Audit. Department of Public Safety Office of Director Legislative Auditor Carson City, Nevada

NC General Statutes - Chapter 147 Article 5A 1

Office of the Register of Wills Anne Arundel County, Maryland

O L A. Campaign Finance and Public Disclosure Board OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA. Fiscal Years 2005, 2006, and 2007

INTRODUCTION AUDITOR'S REPORTS ON COMPLIANCE

Body Worn Camera Policy

Office of the Register of Wills Montgomery County, Maryland

CTAS e-li. Published on e-li ( October 26, 2018 Booking

Duluth PD Mobile Video Recorder Policy PURPOSE AND SCOPE

AGREEMENT ON THE IMPLEMENTATION OF THE QUÉBEC RELIABILITY STANDARDS COMPLIANCE MONITORING AND ENFORCEMENT PROGRAM

Privacy Impact Assessment. April 25, 2006

IN THE COURT OF APPEAL OF THE STATE OF CALIFORNIA SECOND APPELLATE DISTRICT DIVISION THREE

JOINT RULES of the Florida Legislature

Annex 1: Standard Contractual Clauses (processors)

State of Minnesota HOUSE OF REPRESENTATIVES

I March 9, 2015 Policy Number 8.11

Council Auditor s Office

CIT Group Inc. Charter of the Audit Committee of the Board of Directors. Adopted by the Board of Directors October 22, 2003

Am. Sub. H.B. 49 As Passed by the Senate AGOCD15

TITLE III: ADMINISTRATION. Chapter 32. CITY POLICIES

NEW BRUNSWICK POLICE DEPARTMENT POLICY & PROCEDURES

Le Sueur County, MN Tuesday, December 2, 2014 Board Meeting

SHERBURNE COUNTY ENHANCED REMOTE ACCESS AGREEMENT

Office of the Minnesota Secretary of State AFFIDAVIT OF CANDIDACY

O L A. Professional/Technical Services Contracts OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA. Financial Audit Division Report

DEPARTMENT OF ARKANSAS STATE POLICE ARKANSAS CONCEALED HANDGUN CARRY LICENSE RULES

TOWN OF HAYNESVILLE INVESTIGATIVE AUDIT ISSUED JANUARY 18, 2017

DATA PROCESSING ADDENDUM

State of Minnesota Department of Public Safety

September 17, Debra Preston, County Executive Broome County Office Building, 6 th Floor PO Box Hawley Street Binghamton, New York 13902

STATE OF NORTH CAROLINA

WSCPA Bylaws EFFECTIVE OCTOBER 18, 2012

Campaign Finance and Public Disclosure Board

Chapter , SOLID WASTE DESIGNATION ORDINANCE

LEGAL PROCESS WRITTEN DIRECTIVE: 14.3 EFFECTIVE DATE: REVISION DATE:

Vermont Department of Public Safety, Division of State Police

STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY. Subject: Obsolete Rules Report Pursuant to Minnesota Statutes, section 14.05, subd.

THE GENERAL ASSEMBLY OF PENNSYLVANIA SENATE BILL

By Laws Maine Society of Certified Public Accountants

Interstate Commission for Adult Offender Supervision

Windsor Police Department General Order

CARLISLE HOME RULE CHARTER. ARTICLE I General Provisions

Table of Contents Introduction and Background II. Statutory Authority III. Need for the Amendments IV. Reasonableness of the Amendments

Executive Director; Section , Florida Statutes

Office of the Attorney General

Le Sueur County, MN Tuesday, April 18, 2017 Board Meeting

Automatic License Plate Reader Privacy Model Bill

DISTRIBUTED BY VERITAS TRUST

1 HB By Representative Williams (P) 4 RFD: Technology and Research. 5 First Read: 13-FEB-18. Page 0

The purpose of this General Order is to establish a uniform policy and procedure for the use of our automatic license plate reader (ALPR) system.

NINETIETH SESSION FORTY-SECOND DAY

O L A. Office of the Secretary of State January 1, 2005, through December 31, 2006 OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA

Colorado Secretary of State Election Rules [8 CCR ]

Financial Administration Act, Act,

THE PRIVACY ACT OF 1974 (As Amended) Public Law , as codified at 5 U.S.C. 552a

Austin Peay State University Audit Committee Charter

Limited Data Set Data Use Agreement

STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY

SECOND REGULAR SESSION [P E R F E C T E D] SENATE BILL NO TH GENERAL ASSEMBLY INTRODUCED BY SENATOR MUNZLINGER.

FUJITSU Cloud Service K5: Data Protection Addendum

ILLINOIS STATE POLICE MERIT BOARD

Charter Audit and Finance Committee Time Warner Inc.

PERSONAL INFORMATION PROTECTION ACT

TITLE DEPARTMENT OF ADMINISTRATION 1.1 PURPOSES AND POLICIES 220-RICR CHAPTER 30 - PURCHASES SUBCHAPTER 00 - N/A

CITY OF NEW BRIGHTON USE OF BODY-WORN CAMERAS POLICY

ATHENS COUNTY DEMOCRATIC PARTY ATHENS COUNTY JANUARY 1, 2016 TO DECEMBER 31, 2016 AGREED UPON PROCEDURES

Office of the Clerk of Circuit Court Montgomery County, Maryland

LA14-20 STATE OF NEVADA. Performance Audit. Judicial Branch of Government Supreme Court of Nevada. Legislative Auditor Carson City, Nevada

SETTLEMENT AGREEMENT

EAST FELICIANA PARISH SHERIFF S OFFICE

STATE OF MINNESOTA DEPARTMENT OF PUBLIC SAFETY

Department of Public Safety and Correctional Services Central Region Finance Office

1 SB By Senators Orr and Holley. 4 RFD: Governmental Affairs. 5 First Read: 13-FEB-18. Page 0

1 SB By Senators Orr and Holley. 4 RFD: Governmental Affairs. 5 First Read: 13-FEB-18. Page 0

Transcription:

STATE OF MINNESOTA Office of the State Auditor Rebecca Otto State Auditor CITY OF MAPLEWOOD MAPLEWOOD, MINNESOTA AGREED-UPON PROCEDURES DECEMBER 19, 2017

Description of the Office of the State Auditor The mission of the Office of the State Auditor is to oversee local government finances for Minnesota taxpayers by helping to ensure financial integrity and accountability in local governmental financial activities. Through financial, compliance, and special audits, the State Auditor oversees and ensures that local government funds are used for the purposes intended by law and that local governments hold themselves to the highest standards of financial accountability. The State Auditor performs approximately 150 financial and compliance audits per year and has oversight responsibilities for over 3,300 local units of government throughout the state. The office currently maintains five divisions: Audit Practice - conducts financial and legal compliance audits of local governments; Government Information - collects and analyzes financial information for cities, towns, counties, and special districts; Legal/Special Investigations - provides legal analysis and counsel to the Office and responds to outside inquiries about Minnesota local government law; as well as investigates allegations of misfeasance, malfeasance, and nonfeasance in local government; Pension - monitors investment, financial, and actuarial reporting for approximately 650 public pension funds; and Tax Increment Financing - promotes compliance and accountability in local governments use of tax increment financing through financial and compliance audits. The State Auditor serves on the State Executive Council, State Board of Investment, Land Exchange Board, Public Employees Retirement Association Board, Minnesota Housing Finance Agency, and the Rural Finance Authority Board. Office of the State Auditor 525 Park Street, Suite 500 Saint Paul, Minnesota 55103 (651) 296-2551 state.auditor@osa.state.mn.us www.auditor.state.mn.us This document can be made available in alternative formats upon request. Call 651-296-2551 [voice] or 1-800-627-3529 [relay service] for assistance; or visit the Office of the State Auditor s web site: www.auditor.state.mn.us.

CITY OF MAPLEWOOD MAPLEWOOD, MINNESOTA December 19, 2017 Agreed-Upon Procedures Audit Practice Division Office of the State Auditor State of Minnesota

This page was left blank intentionally.

REBECCA OTTO STATE AUDITOR STATE OF MINNESOTA OFFICE OF THE STATE AUDITOR SUITE 500 525 PARK STREET SAINT PAUL, MN 55103-2139 (651) 296-2551 (Voice) (651) 296-4755 (Fax) state.auditor@state.mn.us (E-mail) 1-800-627-3529 (Relay Service) INDEPENDENT AUDITOR S REPORT ON APPLYING AGREED-UPON PROCEDURES Mychal Fowlds, IT Director Kerry Crotty, Investigations Lieutenant City of Maplewood 1830 County Road B East Maplewood, Minnesota 55109 We have performed the procedures enumerated below, which were agreed to by the City of Maplewood, to confirm the City of Maplewood s compliance with Minn. Stat. 13.824 and 626.8472 regarding Automated License Plate Readers (ALPRs). Specifically, the agreed-upon procedures used herein were designed to determine whether data currently in the City s records are classified properly, how the data are used, whether data are being destroyed as required by Minn. Stat. 13.824, and to determine whether there is compliance with Minn. Stat. 13.824, subd. 7. The City of Maplewood s management is responsible for the City s compliance with Minn. Stat. 13.824 and 626.8472 regarding ALPRs. This agreed-upon procedures engagement was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants. The sufficiency of the procedures is solely the responsibility of the City of Maplewood. Consequently, we make no representation regarding the sufficiency of the procedures described below either for the purpose for which this report has been requested or for any other purpose. 1. Procedure Determine that a written policy governing ALPR use that incorporates the requirements of Minn. Stat. 13.824 and the employee discipline standards for unauthorized access to data exists and is enforced. Page 1 An Equal Opportunity Employer

We obtained a copy of the City s ALPR policy and compared it to the requirements of Minn. Stat. 13.824. The requirements of this statute are reflected in the City s policy, including references regarding unauthorized access or use of ALPR data and corresponding discipline, should a breach occur, except that the policy does not address the following requirements: Minn. Stat. 13.824, subd. 2(a) states data collected by an automated license plate reader must be limited to the following: o License plate numbers; o Date, time, and location data on vehicles; and o Pictures of license plates, vehicles, and areas surrounding the vehicles. Collection of any data not authorized by this paragraph is prohibited; Minn. Stat. 13.824, subd. 5(a) states a law enforcement agency that installs or uses an automated license plate reader must maintain a public log of its use, including but not limited to: o Specific times of day that the reader actively collected data; o The aggregate number of vehicles or license plates on which data are collected for each period of active use and a list of all state and federal databases with which the data were compared, unless the existence of the database itself is not public; and, o For each period of active use, the number of vehicles or license plates in each of the following categories where the data identify a vehicle or license plate that has been stolen, a warrant for the arrest of the owner of the vehicle or an owner with a suspended or revoked driver s license or similar category, or are active investigative data; Minn. Stat. 13.824, subd. 4(b) states if data collected by an automated license plate reader are shared with another law enforcement agency under this subdivision, the agency that receives the data must comply with all data classification, destruction, and security requirements of this section; Minn. Stat. 13.824, subd. 3(c) states upon written request from a program participant under chapter 5B, automated license plate reader data related to the program participant must be destroyed at the time of collection or upon receipt of the Page 2

request, whichever occurs later, unless the data are active criminal investigative data. The existence of a request submitted under this paragraph is private data on individuals; and, Minn. Stat. 13.824, subd. 3(d) states data that are inactive criminal investigative data are subject to destruction according to the retention schedule for the data established under section 138.17. 2. Procedure Determine that the data collected by ALPRs are limited in accordance with statutes. The City of Maplewood uses the Vigilant system. There are three mobile ALPRs. A report was run from Vigilant on November 2, 2017, for all of the license plate hit data currently retained by the City. There were no license plate hits within the past 60 days. 3. Procedure Determine that the data collected by ALPRs are appropriately classified. The City of Maplewood s ALPR policy recognizes that ALPR data collected will be safeguarded and protected. On January 11, 2016, the City received a data request for its ALPR log of use, which is required to be maintained by Minn. Stat. 13.824, subd. 5. We inspected the information used to fulfill this request, and no private or nonpublic data was included. We inspected the audit trail report for the period November 2, 2015, to November 2, 2017. During this period, no instances of exporting ALPR data were observed. There were four license plate searches by City staff during this period, which we inspected. No ALPR data was identified as being shared with outside agencies. 4. Procedure Determine that a public log of use is maintained in accordance with statutes. Currently, there is not a consolidated report from Vigilant that would provide all the information required under Minn. Stat. 13.824, subd. 5(a). Page 3

The Vigilant system tracks user log-in dates and times; however, it does not track user log-out dates and times. Thus, the City would be unable to provide the period of active use as required by Minn. Stat. 13.824, subd. 5(a)(1-3). Summarized data on the number of license plates in the Vigilant system can only be narrowed down to a specific day. Detailed license plate hit data is only retained by the City for 60 days. Detailed license plate read data is not retained by the City. The City is unable to provide the summarized information required to be maintained as a log of use as identified in Minn. Stat. 13.824, subd. 5(a)(2) and (3), if there was more than one active period of use in a day and if more than 60 days old. The City does not maintain the log of use information for longer than 60 days. Minnesota Statutes, section 13.824 provides different records retention treatment for (1) data collected by an automated license plate reader, and (2) a public log of its use. Under subdivision 3, much of the data collected by an automated license plate reader must be destroyed within 60 days notwithstanding the general records retention statute requirements in Minn. Stat. 138.17. The statute does not set a retention period for the log of use information that is described in and that the law enforcement agency must maintain under subdivision 5. In addition, the log of use is not subject to the subdivision 3 exception to the application of Minn. Stat. 138.17. The log of use, therefore, must be maintained for longer than 60 days. The log of use information may only be destroyed pursuant to Minn. Stat. 138.17, which generally means pursuant to a properly approved records retention schedule or Application for the Disposal of Records (PR-1). The City of Maplewood has not owned or used a fixed stationary ALPR. 5. Procedure Determine that, if used, a list of current and previous locations of fixed stationary ALPRs is maintained along with notification of such to the Bureau of Criminal Apprehension. The City of Maplewood has not owned or used a fixed stationary ALPR. 6. Procedure Determine that the data collected by ALPRs is safeguarded, allowing role-based access for use with a legitimate, documented law enforcement purpose as authorized in writing. A user access report was run from Vigilant on November 2, 2017. The user access list was restricted to individuals within the City based on their official roles. Page 4

The audit trail report for the period November 2, 2015, to November 2, 2017, was inspected. During this period, there were four license plate searches of ALPR data performed by City Police Department staff. We inspected each to confirm there was a legitimate, documented law enforcement purpose for the access. For two of the four license plate searches, we were informed that the searches were to test user access using information known to the Police Department and, therefore, did not have a legitimate, documented law enforcement purpose as required by Minn. Stat. 13.824, subd. 7(b) and (c). No other exceptions were noted. Minnesota Statutes, section 13.824, subd. 7(b) requires that law enforcement personnel have access to ALPR data only if authorized in writing by the chief of police, sheriff, or head of the law enforcement agency, or their designee to obtain access for a legitimate, specified and documented law enforcement purpose. The City of Maplewood s ALPR policy designates the Patrol Division Commander with this responsibility. Since Minn. Stat. 13.824 went into effect on August 1, 2015, the City has given four new users access to the Vigilant system. The City did not have written authorization for any of these individuals to have access to the Vigilant system based on their official roles. In addition, for the four license plate searches performed, two did not have written authorization and one had authorization, but not from the designee in accordance with the ALPR policy. 7. Procedure Determine that a data audit trail exists to document all access activity. An audit trail report was run from Vigilant on November 2, 2017, for the period November 2, 2015, to November 2, 2017. This audit trail report contained all activity of the ALPR data actions in compliance with Minn. Stat. 13.824, subd. 7(c). No exceptions were noted. 8. Procedure Determine that collected ALPR data is destroyed in accordance with statutes. Minnesota Statutes, section 13.824, subd. 3(a) requires collected ALPR data to be destroyed no later than 60 days from the date of collection, with specific exceptions. The City of Maplewood has a 60-day ALPR data retention policy. A report was run from Vigilant on November 2, 2017, for all of the license plate hit data currently retained by the City. No license plate hit data appeared on the report. No exceptions to the data destruction requirements were noted. Page 5

During inspection of the audit trail report, it was noted that the City changed its ALPR data retention policy from 90 days to 60 days on January 14, 2016, in response to Minn. Stat. 13.824 effective August 1, 2015. * * * * * We were not engaged to, and did not, conduct an examination or review, the objective of which would be the expression of an opinion or conclusion, respectively, on the City s compliance with Minn. Stat. 13.824 and 626.8472 regarding ALPRs. Accordingly, we do not express such an opinion or conclusion. Had we performed additional procedures, other matters might have come to our attention that would have been reported to you. This report is intended solely for the information and use of the City of Maplewood and is not intended to be, and should not be, used by anyone other than those specified parties. /s/rebecca Otto REBECCA OTTO STATE AUDITOR /s/greg Hierlinger GREG HIERLINGER, CPA DEPUTY STATE AUDITOR December 19, 2017 Page 6

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback