The Complainant in this matter was concerned with the amount of personal data contained on their private investigator identification card. The personal data displayed on the identification card includes:
- License number
- Name of Licensee
- Sex
- Date of Birth
- Address city, state zip
- Date of Issuance
- Date of Expiration
- Height
- Weight
- Eye Color
- Hair Color
The Complainant believed this was an issue given that a licensee may face discipline for refusing to display the identification card to any person having reasonable cause to verify the validity of the license. The Complainant was concerned that the requirement to display their identification card containing their business address, which is also their home address, poses a safety risk if the individual requesting to see the identification card is the subject of an investigation who is upset or aggressive.
Based on this complaint, the representatives from the governmental entity that supervise the private investigator licensing program indicated that they were taking steps to address this issue. The governmental entity will remove sensitive personal data, including date of birth, address, height, weight, sex, hair color, and eye color from the identification card. Identification cards issued in the future will only include the private investigator’s name, photo, license number, and issue and expiration dates. The governmental entity also indicated that the system for issuing private investigator licenses will be updated and that the information contained on a private investigator license will be limited to the information required by statute, including the private investigator’s name, address, number of the license, and the designation of the licensee.
In addition to these changes, it was recommended that the governmental entity ensure that the application for a license includes a privacy notice which contains a clear explanation of how the personal data provided by an applicant is used. The GDPA requires a governmental entity to provide a privacy notice to an individual “from whom the governmental entity requests or collects personal data”. See Subsection 63A-19-402(1). Personal data includes any “information that is linked or can be reasonably linked to an identified individual or an identifiable individual”. See Section 63A-19-101.