Government Agencies . The following statutes apply to Minnesota State government agencies: 13.055 DISCLOSURE OF BREACH IN SECURITY; NOTIFICATION AND INVESTIGATION REPORT REQUIRED. Subdivision 1. Definitions. For purposes of this section, the following terms have the meanings given to them. (a) “Breach of the security of the data” means unauthorized acquisition of data maintained by a government entity that compromises the security and classification of the data. Good faith acquisition of or access to government data by an employee, contractor, or agent of a government entity for the purposes of the entity is not a breach of the security of the data, if the government data is not provided to or viewable by an unauthorized person, or accessed for a purpose not described in the procedures required by Minn. Stat. § 13.05, subdivision 5. For purposes of this paragraph, data maintained by a government entity includes data maintained by a person under a contract with the government entity that provides for the acquisition of or access to the data by an employee, contractor, or agent of the government entity. (b) “Contact information” means either name and mailing address or name and email address for each individual who is the subject of data maintained by the government entity. (c) “Unauthorized acquisition” means that a person has obtained, accessed, or viewed government data without the informed consent of the individuals who are the subjects of the data or statutory authority and with the intent to use the data for nongovernmental purposes. (d) “Unauthorized person” means any person who accesses government data without a work assignment that reasonably requires access, or regardless of the person’s work assignment, for a purpose not described in the procedures required by Minn. Stat. § 13.05, subdivision 5. Subd. 2. Notice to individuals; investigation report. (a) A government entity that collects, creates, receives, maintains, or disseminates private or confidential data on individuals must disclose any breach of the security of the data following discovery or notification of the breach. Written notification must be made to any individual who
94
Made with FlippingBook - Online Brochure Maker