A Legal Guide to PRIVACY AND DATA SECURITY 2024

325M.04 WHEN DISCLOSURE OF PERSONAL INFORMATION PERMITTED; AUTHORIZATION. Subdivision 1. Conditions of disclosure. An Internet service provider may disclose personally identifiable information concerning a consumer to: (1) any person if the disclosure is incident to the ordinary course of business of the Internet service provider; (2)another Internet service provider for purposes of reporting or preventing violations of the published acceptable use policy or customer service agreement of the Internet service provider; except that the recipient may further disclose the personally identifiable information only as provided by this chapter; (3) any person with the authorization of the consumer; or (4) as provided by Minn. Stat. § 626A.27. Subd. 2. Authorization. The Internet service provider may obtain the consumer’s authorization of the disclosure of personally identifiable information in writing or by electronic means. The request for authorization must reasonably describe the types of persons to whom personally identifiable information may be disclosed and the anticipated uses of the information. In order for an authorization to be effective, a contract between an Internet service provider and the consumer must state either that the authorization will be obtained by an affirmative act of the consumer or that failure of the consumer to object after the request has been made constitutes authorization of disclosure. The provision in the contract must be conspicuous. Authorization may be obtained in a manner consistent with self- regulating guidelines issued by representatives of the Internet service provider or online industries, or in any other manner reasonably designed to comply with this subdivision. 325M.05 SECURITY OF INFORMATION. The Internet service provider shall take reasonable steps to maintain the security and privacy of a consumer’s personally identifiable information. The Internet service provider is not liable for actions that would constitute a violation of section Minn. Stat. §§ 609.88, 609.89, or 609.891, if the Internet service provider does not participate in, authorize, or approve the actions.

83

Made with FlippingBook - Online Brochure Maker