The $1 million-plus settlement in the Anne Marie Rasmusson case is a costly example of why employers need to make certain that their employees do not abuse their access to confidential information. Rasmusson, a former St. Paul police officer, filed a lawsuit against numerous Minnesota cities and police officers in March of 2012 alleging that her driver’s license information was improperly accessed 425 times by 104 police officers between 2007 and 2011. Rasmusson’s complaint asserted claims arising under the Driver’s Privacy Protection Act of 1994, as well as claims for invasion of privacy. Many police officers who accessed Rasmusson’s data acknowledged that they did not have legitimate reasons to do so. The overall theme of the lawsuit was that the various police departments and officers involved allowed a culture to develop in which her private data was not protected and was routinely accessed for illegitimate reasons. While most employers do not have employees who have access to driver’s license data, many do have employees who have access to other private and confidential data. Employers who fail to ensure that strong policies and procedures are in place to prevent employee abuse of confidential data may be subject to significant liability.