Skip to main content Skip to office menu Skip to footer
Capital IconMinnesota Legislature
Office of the Revisor of Statutes

HF 1377

as introduced - 91st Legislature (2019 - 2020) Posted on 02/18/2019 02:16pm

KEY: stricken = removed, old language.
underscored = added, new language.
Version List Authors and Status
Pdf Rtf

Current Version - as introduced

Line numbers 1.1 1.2 1.3 1.4
1.5 1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 2.1 2.2 2.3 2.4 2.5 2.6

A bill for an act
 relating to data practices; modifying definition of data security breach; amending
Minnesota Statutes 2018, section 13.055, subdivision 1.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Section 1.

Minnesota Statutes 2018, section 13.055, subdivision 1, is amended to read:


Subdivision 1.

Definitions.

For purposes of this section, the following terms have the
meanings given to them.

(a) "Breach of the security of the data" means unauthorized acquisition of deleted text begin datadeleted text end new text begin personal
information as defined in section 325E.61 or an individual's health record as defined in
section 144.291 that isnew text end maintained by a government entity that compromises the security
and classification of the data. Good faith acquisition of or access to government data by an
employee, contractor, or agent of a government entity for deleted text begin thedeleted text end new text begin governmentalnew text end purposes deleted text begin of the
entitydeleted text end is not a breach of the security of the data, if the government data is not new text begin further new text end provided
to or viewable deleted text begin by an unauthorized person,deleted text end new text begin outside the government entitynew text end or new text begin further new text end accessed
for a purpose not described in the procedures required by section 13.05, subdivision 5. For
purposes of this paragraph, data maintained by a government entity includes data maintained
by a person under a contract with the government entity that provides for the acquisition of
or access to the data by an employee, contractor, or agent of the government entity.

(b) "Contact information" means either name and mailing address or name and e-mail
address for each individual who is the subject of data maintained by the government entity.

(c) "Unauthorized acquisition" means that a person has obtained, accessed, or viewed
government data without the informed consent of the individuals who are the subjects of
the data or statutory authority and with the intent to use the data for nongovernmental
purposes.

(d) "Unauthorized person" means any person who accesses government data without a
work assignment that reasonably requires access, or regardless of the person's work
assignment, for a purpose not described in the procedures required by section 13.05,
subdivision 5.