Minnesota Legislature
HF 3976
as introduced - 92nd Legislature (2021 - 2022) Posted on 03/03/2022 02:05pm
Current Version - as introduced
1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12
2.13
A bill for an act
relating to motor vehicles; modifying provisions regarding access to driver and
vehicle services information system; amending Minnesota Statutes 2020, section
171.12, subdivision 1a.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
Section 1.
Minnesota Statutes 2020, section 171.12, subdivision 1a, is amended to read:
Subd. 1a.
Driver and vehicle services information system; security and auditing.
(a)
The commissioner must establish written procedures to ensure that only individuals
authorized by law may enter, update, or access not public data collected, created, or
maintained by the driver and vehicle services information system. An authorized individual's
ability to enter, update, or access data in the system must correspond to the official duties
or training level of the individual and to the statutory authorization granting access for that
purpose. All queries and responses, and all actions in which data are entered, updated,
accessed, shared, or disseminated, must be recorded in a data audit trail. Data contained in
the audit trail are public to the extent the data are not otherwise classified by law.
(b) new text begin The commissioner must not suspend or revoke the authorization of any individual
who properly accessed data to complete an authorized transaction or to resolve an issue that
does not result in a completed authorized transaction. new text end The commissioner must immediately
and permanently revoke the authorization of any individual who willfully entered, updated,
accessed, shared, or disseminated data in violation of state or federal law. If an individual
willfully gained access to data without authorization by law, the commissioner must forward
the matter to the appropriate prosecuting authority for prosecution.new text begin The commissioner must
establish a process that allows an individual whose access was revoked to appeal that
decision.
new text end
(c) The commissioner must arrange for an independent biennial audit of the driver and
vehicle services information system to determine whether data currently in the system are
classified correctly, how the data are used, and to verify compliance with this subdivision.
The results of the audit are public. No later than 30 days following completion of the audit,
the commissioner must provide a report summarizing the audit results to the commissioner
of administration; the chairs and ranking minority members of the committees of the house
of representatives and the senate with jurisdiction over transportation policy and finance,
public safety, and data practices; and the Legislative Commission on Data Practices and
Personal Data Privacy. The report must be submitted as required under section 3.195, except
that printed copies are not required.
new text begin EFFECTIVE DATE. new text end
new text begin
This section is effective August 1, 2022.
new text end