HF 4270

new text begin Subd. 5a. new text end

new text begin Audit trail required. new text end

new text begin (a) The responsible authority shall establish procedures
to ensure that all actions in which not public data are created, received, changed, accessed,
shared, or disseminated are recorded in a data audit trail. In addition, an audit trail must
record:
new text end

new text begin (1) the date of the action;
new text end

new text begin (2) the identity of the person interacting with the data;
new text end

new text begin (3) for data received from another government entity or person, the identity of the sending
government entity or person; and
new text end

new text begin (4) for data shared or disseminated outside the government entity, the identity of the
receiving government entity or person.
new text end

new text begin (b) Data contained in an audit trail shall have the same classification as the underlying
data tracked by the audit trail.
new text end

new text begin (c) Notwithstanding section 138.17, an audit trail must be retained for not less than ten
years or until the underlying data tracked by the audit trail is destroyed pursuant to the
government entity's approved records retention schedule.
new text end

new text begin (d) This subdivision is intended to create general requirements for government entities.
It is not intended to conflict with and does not supersede other particular audit trail
requirements in state law. Any conflict between this subdivision and other particular audit
trail requirements in state law shall be resolved pursuant to section 645.26, subdivision 1.
new text end