Skip to main content Skip to office menu Skip to footer
Minnesota Legislature

Office of the Revisor of Statutes

1205.1300 DUTIES OF THE RESPONSIBLE AUTHORITY IN ADMINISTERING PRIVATE AND CONFIDENTIAL DATA.

Subpart 1.

Determining collection date.

In order to administer the requirements of Minnesota Statutes, section 13.05, subdivision 4, the responsible authority shall determine for each type of record, file, or process identified in part 1205.1200 whether the data contained therein was collected prior to, on, or subsequent to August 1, 1975.

Subp. 2.

Reviewing earlier records.

For each type of record, file, or process containing data collected prior to August 1, 1975, the responsible authority shall:

A.

review the federal, state, or local legal enabling authority which mandated or necessitated the collection of the private or confidential data;

B.

based on that review, determine the lawful purpose for the collection of the data at the time it was originally collected; and

C.

direct the staff of the entity that private or confidential data collected prior to August 1, 1975, shall not be used, stored, or disseminated for any purpose, unless that purpose was authorized by the enabling authority which was in effect at the time the data was originally collected.

Subp. 3.

Reviewing later records.

For each type of record, file, or process containing private or confidential data collected on or subsequent to August 1, 1975, the responsible authority shall:

A.

review the legal enabling authority which mandates or necessitates the collection of the data; and

B.

identify the purposes for the collection of and the intended uses of all private or confidential data that have been communicated to data subjects or should have been communicated to data subjects at the time of data collection, pursuant to Minnesota Statutes, section 13.04, subdivision 2.

Subp. 4.

Preparing lists.

Using the purposes and uses identified in subparts 2 and 3, the responsible authority shall:

A.

prepare lists which identify the uses of and purposes for the collection of private or confidential data for each type of record, file, or process identified in part 1205.1500. Each list shall identify all persons, agencies, or entities authorized by state or federal law to receive any data disseminated from the particular record, file, or process.

B.

Pursuant to Minnesota Statutes, section 13.04, subdivision 2 either:

(1)

attach each list identifying purposes, uses, and recipients of data to all agency forms which collect the private or confidential data that will be retained in each record, file, or process; or

(2)

communicate, in any reasonable fashion, the contents of each list to data subjects at the time particular data that will be retained in each record, file, or process is collected from them. For purposes of this subitem, "reasonable fashion" shall include, but not be limited to, oral communications made to data subjects and providing data subjects with brochures that describe the entity's purposes for the collection of and the uses to be made of private and confidential data.

Subp. 5.

Making policy.

In administering the entity's private or confidential data consistent with the provisions of these rules, the responsible authority shall:

A.

educate entity personnel as to authorized purposes and uses;

B.

prepare administrative procedures that will acquaint entity personnel with authorized purposes and uses; and

C.

distribute policy directives requiring compliance with the entity's determination of authorized purposes and uses.

Statutory Authority:

MS s 13.07

Published Electronically:

July 13, 2007