Subd. 2. Classification of data. Electronic access data are private data on individuals or nonpublic data. Subd. 3. Notice; refusal to accept cookie. (a) A government entity that creates, collects, or maintains electronic access data or uses its computer to install a cookie on a person’s computer must inform persons gaining access to the entity’s computer of the creation, collection, or maintenance of electronic access data or the entity’s use of cookies before requiring the person to provide any data about the person to the government entity. As part of that notice, the government entity must inform the person how the data will be used and disseminated, including the uses and disseminations in subdivision 4. (b) Notwithstanding a person’s refusal to accept a cookie on the person’s computer, a government entity must allow the person to gain access to data or information, transfer data or information, or use government services by the government entity’s computer. Subd. 4. Use of electronic access data. Electronic access data may be disseminated: (1) to the commissioner for the purpose of evaluating electronic government services; (2) to another government entity to prevent unlawful intrusions into This section does not apply to a cookie temporarily installed by a government entity on a person’s computer during a single session on or visit to a government entity’s website if the cookie is installed only in a computer’s memory and is deleted from the memory when the website browser or website application is closed. Plastic Card Security Act [Minn. Stat. § 325E.64] In 2007 Minnesota became the first state to incorporate a portion of the PCI-DSS into their state data security or data breach laws. government electronic systems; or (3) as otherwise provided by law. Subd. 5. Exception.
104
Made with FlippingBook - Online Brochure Maker