
    AMERICAN FEDERATION OF STATE, COUNTY MUNICIPAL EMPLOYEES, AFSCME Union Local 3456; et al., Appellants, v. GRAND RAPIDS PUBLIC UTILITIES COMMISSION, Respondent.
    No. C1-01-1852.
    Court of Appeals of Minnesota.
    May 14, 2002.
    
      Mitchell J. Brunfelt, Colosimo, Patchin, Aronson, Kearney, Lindell & Brunfelt, Ltd., Virginia, MN; and Don L. Bye, Duluth, MN, for appellants.
    Steven C. Fecker, Paul W. Wojciak, Johnson, Killen & Seiler, P.A., Duluth, MN, for respondent.
    Considered and decided by HANSON, Presiding Judge, SCHUMACHER, Judge, and HUSPENI, Judge.
    
    
      
       Retired judge of the Minnesota Court of Appeals, serving by appointment pursuant to Minn. Const, art. VI, § 10.
    
   OPINION

ROBERT H. SCHUMACHER, Judge.

Appellants American Federation of State, County & Municipal Employees, AFSCME Union Local 3456 (AFSCME), and several individual members challenge the district court’s summary judgment in favor of respondent Grand Rapids Public Utilities Commission. The district court ruled that respondent had not violated the Data Practices Act by releasing the individuals’ social security numbers in conjunction with a federally-mandated drug and alcohol testing program because the release was specifically authorized by law and thus permitted under the Data Practices Act. We affirm.

FACTS

The Omnibus Transportation Employee Testing Act, 49 U.S.C. § 31306 (1991), required employers to conduct random drug and alcohol testing of employees with commercial driver’s licenses. Employers with fewer than 50 employees were required to begin testing effective January 1996. In June 1995, respondent contracted with the Minnesota Municipal Utilities Association (MMUA) for assistance in implementing the testing. The MMUA developed a drug-testing consortium on behalf of the various utility commissions who were charged a flat fee plus a fee per participating employee. After contracting with MMUA, respondent compiled a list of employees subject to the testing and their social security numbers, which was forwarded to MMUA as early as August 1995. MMUA in turn disclosed the names and numbers to AdMed, Ltd., the testing administrator.

On December 2, 1995, respondent’s general manager Tony Ward sent a memo to the employees about the upcoming drug-testing program. The memo stated, that

the Consortium uses your name and social security number for identification. In the process, your social security number is kept confidential, however, if you would like a different code number assigned to your name, please contact me.

Then, on December 20, 1995, the MMUA held a seminar for the employees involved in the testing. Appellant John Aultman was an employee with union affiliation and asked to attend the meeting even though he did not have a commercial driver’s license and was not subject to the testing. Respondent told Aultman he could attend the meeting if he agreed to participate in the testing. Aultman agreed.

At the seminar, employees were asked to sign a form entitled “Substance Abuse Policy — Employee Acknowledgment of Notification.” The form included an acknowl-edgement that the employee’s social security number would be used in the testing process. At this point in time, the social security numbers had already been released to the MMUA. Some employees did not want to sign the form, but they were told that the social security numbers had already been released to the MMUA.

Soon after the seminar, appellants Robert C. Larson and Robert A. Stein asked that they be given alternative identification numbers. Respondent did so on December 26, 1995. Despite other employees’ objections and without signed consent forms from some employees, respondent continued to use the social security numbers. The employees contacted AFSCME for assistance with the issue. Throughout 1996, 1997, and 1998, AFSCME objected to the use of the social security numbers and respondent continued to use them. Appellants allege that some employees requested alternative identification numbers, and respondent refused to honor these requests. Appellants claim further that Aultman requested an alternative number repeatedly but was not granted one until July of 1997.

Eventually, AFSCME requested an advisory opinion from the Commissioner of the Minnesota Department of Administration, as set forth in the Data Practices Act. AFSCME and respondent made written submissions to the commissioner. As the district court later noted, the commissioner was not provided with any information, by either party, regarding federal law and regulations governing mandated federal drug and alcohol testing. As such, the commissioner issued Advisory Opinion 98-007, stating that respondent had violated the Data Practices Act in releasing the social security numbers.

Despite the advisory opinion, respondent continued to use the social security numbers until September 1999. Ward had transferred responsibility for overseeing the testing to respondent’s safety coordinator Dennis Doyle in late 1997. Doyle asked Ward about using alternative numbers, but Ward told him not to change the process. Eventually, in late 1999, Doyle decided to change the system and issued each employee an alternative number. The social security numbers no longer are used.

Despite the change, appellants initiated this lawsuit in April of 2000, requesting declaratory and injunctive relief, exemplary damages, and attorney fees. The district court granted summary judgment for respondent, concluding that the advisory opinion was not owed significant deference because the commissioner was not made aware of the federal law discussing the use of social security numbers in conjunction with the testing. The advisory opinion specifically stated that the commissioner was unaware of any statute that authorizes the release of social security numbers to testing companies. The district court concluded that no violation of the Data Practices Act had occurred because the federal law specifically authorized respondent’s release of the information. This appeal followed.

ISSUE

Is it a violation of the Data Practices Act for an employer to release an individual’s social security number to a third party if such release is permitted by federal law?

ANALYSIS

Summary judgment is appropriate when the pleadings, discovery, and affidavits in the record indicate that there is no genuine issue of material fact and that either party is entitled to summary judgment as a matter of law. Minn. R. Civ. P. 56.03. The reviewing court views the evidence “in the light most favorable to the party against whom judgment was granted.” Fabio v. Bellomo, 504 N.W.2d 758, 761 (Minn.1993) (citation omitted). Construction of the' Data Practices Act is a legal issue that this court reviews de novo. Deli v. Hasselmo, 542 N.W.2d 649, 655 (Minn.App.1996), review denied (Minn. April 16, 1996).

Under Minn.Stat. § 13.08 subd. 2 (2000), the district court may enjoin a political subdivision that violates or proposes to violate the Data Practices Act, and the court may make any order “necessary to prevent the use or employment * * * of any practices which violate this chapter.” Accordingly, this court may address the legality of respondent’s releasing appellants’ social security numbers in conjunction with the drug testing policy even though that practice is not presently occurring.

The district court ruled that the federal law specifically authorized the use of employee social security numbers for the purpose of drug and alcohol testing. The Data Practices Act permits otherwise prohibited conduct when such conduct is specifically authorized by law. See Minn.Stat. § 13.49, subd. 1 (2000) (“social security numbers * * * are private data on individuals, except to the extent that access to the social security number is specifically authorized by law”).

Appellants contend that the district court erred in interpreting the following provision in the federal law as “specifically authorizing” the release of the social security numbers:

The selection of drivers for random alcohol and controlled substances testing shall be made by a scientifically valid method, such as a random number table or a computer based random number generator that is matched with drivers’ Social Security numbers, payroll identification numbers, or other comparable identifying numbers.

49 CFR § 382.305(f)(1) (1991). Appellants maintain that this provision permits the use of social security numbers, but does not specifically authorize the use, given that alternative identification methods are also Usted. Appellants also maintain that this provision does not indicate that the social security numbers can be used without the employees’ consent.

The issue thus turns upon the proper interpretation of the term “specifically authorized.” The Minnesota courts have addressed the issue of releasing private data when specifically authorized by statute in the context of commitment hearings. See, e.g., In re Chapman, 386 N.W.2d 836, 837 (Minn.App.1986); In re Morton, 386 N.W.2d 832, 834 (Minn.App.1986). In Chapman and Morton, however, the release of the private data was required under the statute at issue. See Minn.Stat. § 253B.07 subd. 1(c) (“when the prepetition screening team recommends commitment, a written report shaU be sent to the county attorney * * *.”). In those cases, this court determined that when a particular statute specifically directs the release of certain data, that statute specifically authorizes the release of the data and no violation occurs under the Data Practices Act.

The issue presently before the court— whether a law that grants permission to disclose the data, as one of the methods of compliance — has not been addressed previously. Minn.Stat. § 13.49, subd. 1, however, does not use the word “mandates” or “requires.” Instead, the legislature chose the term “authorizes.” Appellants nonetheless argue that the Data Practices Act’s use of the phrase “specifically authorized” means “requires” or “necessary.”

We do not agree. We hold that the term “specifically authorizes” equates with “specifically permits” or “specifically allows.” Accordingly, a law that specifically references the disclosure of social security numbers as one method of complying with a mandated drug and alcohol testing program specifically authorizes the release of those social security numbers for purposes of the Data Practices Act.

Appellants argue that Minn.Stat. § 13.05, subd. 3 (2000) is applicable to the case at bar. This section prohibits dissemination of “private and confidential data on individuals” unless “necessary” for administering the testing program. Id. Under Minn.Stat. § 13.49, subd. 1, however, the social security numbers are no longer considered private data under the Data Practices Act because the dissemination of the numbers is specifically authorized by law. Accordingly, Minn.Stat. § 13.05, subd. 3 does not apply, and appellants cannot rely on this section in the face of the more specific statutory section on point.

Neither are we persuaded by appellants’ argument that respondent was required to obtain the employees’ consent before releasing the social security numbers. If the federal law intended for consent to be a condition precedent, the federal law would so provide. Without any such condition, we conclude that the law specifically authorizes respondent’s release of the employees’ social security numbers for purposes of the drug and alcohol testing program.

Appellants also have attempted to create a sub-class of claimants for Ault-man, who does not possess a commercial drivers’ license. Appellants argue that Aultman’s social security number should not have been released, even if respondent was allowed to release the numbers of other employees, because Aultman was not required to participate in that testing. Aultman agreed to participate in the drug and alcohol program. Upon submitting to the program, Aultman was subject to the same procedure as the other employees involved in the testing. Because we have concluded that respondent was specifically authorized to release the social security numbers in conjunction with the testing program and Aultman agreed to participate in this program, respondent did not violate the Data Practices Act by releasing Aultman’s social security number.

DECISION

The district court correctly ruled that the federal law specifically authorized respondent’s release of the employees’ social security numbers in conjunction with the drug and alcohol testing program. As such, the disclosure did not violate the Data Practices Act.

Affirmed. 
      
      . Appellants' counsel referenced “others similarly situated,” i.e., claimants not possessing a commercial driver's license, in addition to Aultman for the first time at oral argument in this court. Issues not briefed are waived. State, Dep’t of Labor and Industry v. Wintz Parcel Drivers, Inc., 558 N.W.2d 480, 480 (Minn.1997). Also, appellants did not raise this allegation in the district court, and we do not generally address such matters. Thiele v. Stick, 425 N.W.2d 580, 582 (Minn.1988).
     