The legislation would require cities to provide notification of data breaches, regardless of intent.
(Published Jan 28, 2019)
Committees in both the House and the Senate will hear a bill this week that could result in cities being required to provide more data breach notifications.
The House Judiciary Finance and Civil Law Division will hear HF 54 (Rep. Peggy Scott, R-Andover) on Jan. 30. The Senate Judiciary and Public Safety Finance and Policy Committee will hear its companion, SF 248 (Sen. Warren Limmer, R-Maple Grove) on the same day. The proposed legislation is based on a recommendation from the Legislative Commission on Data Practices.
If these House and Senate committees approve the bills, the legislation will then go to the floor in each body.
Legislators have identified some examples in which notification was not provided when possible data breaches had occurred. While cities may have acted in compliance with the current law, legislators are concerned about this lack of notification.
Currently, Minnesota Statutes, section 13.055 provides that an “unauthorized acquisition” happens when (1) a person has obtained, accessed, or viewed government data without the informed consent of the individuals who are the subjects of the data or without statutory authority, and (2) that person intends to use the data for nongovernmental purposes. The bill would remove the second intent requirement.
While the current law offers more protection, the bill keeps the “good faith” exception in law that would apply when a city employee, contractor, or agent accesses otherwise private or non-public data, provided that the person accesses the data as part of his or her work.
For more background information about this bill, read a previous Cities Bulletin article.
* By posting you are agreeing to the LMC Comment Policy.