Enforcement The MCPA is enforceable by the Attorney General’s office. There is no private right of action. Violations of the MCPA are subject to injunctive relief and civil penalties up to $7,500 per violation. The Minnesota Attorney General is required to provide a controller or processor with notice of the specific provisions of the MCPA that it alleges have been violated and 30 days to cure the violations prior to bringing an enforcement action. This cure provision expires on January 31, 2026. Effective Date The law’s effective date is July 31, 2025. Postsecondary institutions regulated by the Office of Higher Education are not required to comply until July 31, 2029. Other Minnesota data privacy related statutes include the following: Minn. Stat. § 325M.01 Internet Service Providers Minn. Stat. § 609.527 Identity Theft
Minn. Stat. § 325E.61 Data Breach Notification Minn. Stat. § 13.055 Data Breach Notification (Government Agencies) Minn. Stat. § 13.0 Minnesota Government Data Practices Act Minn. Stat. § 13.15 Government Websites Minn. Stat. § 325E.64 Plastic Card Security Act Minn. Stat. § 325E.59 Social Security Numbers Minn. Stat. § 626A.02 Wiretap law
85
Made with FlippingBook - Online Brochure Maker