A Legal Guide to PRIVACY AND DATA SECURITY 2024

cookies before requiring the person to provide any data about the person to the government entity. As part of that notice, the government entity must inform the person how the data will be used and disseminated, including the uses and disseminations in subdivision 4.

(b) Notwithstanding a person’s refusal to accept a cookie on the person’s computer, a government entity must allow the person to gain access to data or information, transfer data or information, or use government services by the government entity’s computer.

Subd. 4. Use of electronic access data. Electronic access data may be disseminated: (1) to the commissioner for the purpose of evaluating electronic government services; (2) to another government entity to prevent unlawful intrusions into government electronic systems; or (3) as otherwise provided by law.

Subd. 5. Exception. This section does not apply to a cookie temporarily installed by a government entity on a person’s computer during a single session on or visit to a government entity’s website if the cookie is installed only in a computer’s memory and is deleted from the memory when the website browser or website application is closed.

Plastic Card Security Act [Minn. Stat. § 325E.64]

In 2007 Minnesota became the first state to incorporate a portion of the PCI-DSS into its state data security or data breach laws. Known as the Plastic Card Security Act, the Minnesota law was passed largely in response to the massive data breach at TJX Companies when card issuers were required to reissue millions of debit and credit cards. The Minnesota law prohibits anyone conducting business in Minnesota from storing sensitive information from credit and debit cards after the transaction has been authorized. The law also makes noncompliant entities liable for financial institutions’ costs related to cancelling and
