as introduced - 91st Legislature (2019 - 2020) Posted on 03/07/2019 03:53pm
A bill for an act
relating to data practices; modifying definition of data security breach; amending
Minnesota Statutes 2018, section 13.055, subdivision 1.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
Minnesota Statutes 2018, section 13.055, subdivision 1, is amended to read:
For purposes of this section, the following terms have the
meanings given to them.
(a) "Breach of the security of the data" means unauthorized acquisition of deleted text begindatadeleted text endnew text beginnew text end maintained by a government entity that compromises the security
and classification of the data. Good faith acquisition of or access to government data by an
employee, contractor, or agent of a government entity for deleted text beginthedeleted text endnew text beginnew text end purposes deleted text beginof the
entitydeleted text end is not a breach of the security of the data, if the government data is not new text beginnew text endprovided
to or viewable deleted text beginby an unauthorized person,deleted text endnew text beginnew text end or new text beginnew text endaccessed
for a purpose not described in the procedures required by section 13.05, subdivision 5. For
purposes of this paragraph, data maintained by a government entity includes data maintained
by a person under a contract with the government entity that provides for the acquisition of
or access to the data by an employee, contractor, or agent of the government entity.
(b) "Contact information" means either name and mailing address or name and e-mail
address for each individual who is the subject of data maintained by the government entity.
(c) "Unauthorized acquisition" means that a person has obtained, accessed, or viewed
government data without the informed consent of the individuals who are the subjects of
the data or statutory authority and with the intent to use the data for nongovernmental
(d) "Unauthorized person" means any person who accesses government data without a
work assignment that reasonably requires access, or regardless of the person's work
assignment, for a purpose not described in the procedures required by section 13.05,