Skip to main content Skip to office menu Skip to footer
Minnesota Legislature

Office of the Revisor of Statutes

HF 1377

as introduced - 91st Legislature (2019 - 2020) Posted on 02/18/2019 02:16pm

KEY: stricken = removed, old language.
underscored = added, new language.

Current Version - as introduced

Line numbers 1.1 1.2 1.3 1.4
1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 2.1 2.2 2.3 2.4 2.5 2.6

A bill for an act
relating to data practices; modifying definition of data security breach; amending
Minnesota Statutes 2018, section 13.055, subdivision 1.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Section 1.

Minnesota Statutes 2018, section 13.055, subdivision 1, is amended to read:


Subdivision 1.

Definitions.

For purposes of this section, the following terms have the
meanings given to them.

(a) "Breach of the security of the data" means unauthorized acquisition of deleted text begindatadeleted text endnew text begin personal
information as defined in section 325E.61 or an individual's health record as defined in
section 144.291 that is
new text end maintained by a government entity that compromises the security
and classification of the data. Good faith acquisition of or access to government data by an
employee, contractor, or agent of a government entity for deleted text beginthedeleted text endnew text begin governmentalnew text end purposes deleted text beginof the
entity
deleted text end is not a breach of the security of the data, if the government data is not new text beginfurther new text endprovided
to or viewable deleted text beginby an unauthorized person,deleted text endnew text begin outside the government entitynew text end or new text beginfurther new text endaccessed
for a purpose not described in the procedures required by section 13.05, subdivision 5. For
purposes of this paragraph, data maintained by a government entity includes data maintained
by a person under a contract with the government entity that provides for the acquisition of
or access to the data by an employee, contractor, or agent of the government entity.

(b) "Contact information" means either name and mailing address or name and e-mail
address for each individual who is the subject of data maintained by the government entity.

(c) "Unauthorized acquisition" means that a person has obtained, accessed, or viewed
government data without the informed consent of the individuals who are the subjects of
the data or statutory authority and with the intent to use the data for nongovernmental
purposes.

(d) "Unauthorized person" means any person who accesses government data without a
work assignment that reasonably requires access, or regardless of the person's work
assignment, for a purpose not described in the procedures required by section 13.05,
subdivision 5
.