3.979 Data classification and disclosure.
Subdivision 1. Data practices. The legislative auditor is subject to the Government Data Practices Act, chapter 13, and shall protect from unlawful disclosure data classified as not public. If data provided by the legislative auditor to the commission is disseminated by the commission or its members or agents in violation of section 13.05, subdivision 4, the commission is subject to liability under section 13.08, subdivisions 1 and 3.
Subd. 2. Access to data by commission members. Members of the commission have access to data that is collected or used by the legislative auditor and classified as not public or as private or confidential only as authorized by resolution of the commission. The commission may not authorize its members to have access to private or confidential data on individuals collected or used in connection with the collection of any tax.
Subd. 3. Audit data. (a) "Audit" as used in this subdivision means a financial audit, review, program evaluation, best practices review, or investigation. Data relating to an audit are not public or with respect to data on individuals are confidential until the final report of the audit has been released by the legislative auditor or the audit is no longer being actively pursued. Upon release of a final audit report by the legislative auditor, data relating to an audit are public except data otherwise classified as not public.
(b) Data related to an audit but not published in the audit report and that the legislative auditor reasonably believes will be used in litigation are not public and with respect to data on individuals are confidential until the litigation has been completed or is no longer being actively pursued.
(c) Data on individuals that could reasonably be used to determine the identity of an individual supplying data for an audit are private if the data supplied by the individual were needed for an audit and the individual would not have provided the data to the legislative auditor without an assurance that the individual's identity would remain private, or the legislative auditor reasonably believes that the subject would not have provided the data.
(d) The definitions of terms provided in section 13.02 apply for purposes of this subdivision.
Subd. 4. Review of data; data protection. If, before releasing a report, the legislative auditor provides a person with data relating to the audit for the purpose of review and verification of the data, the person must protect the data from unlawful disclosure or be subject to the penalties and liabilities provided in sections 13.08 and 13.09.
Subd. 5. Commissioner's opinion; legislative auditor access to data. If, after the commissioner of administration issues an opinion under section 13.072 that a person requesting access to data held by a state agency is entitled to that access, the state agency continues to refuse to provide the data or the person making the request is told that the data sought does not exist, the legislative audit commission may instruct the legislative auditor to review all state agency data related to the request. Following the review, the legislative auditor shall provide all public data obtained, if any, to the legislative audit commission.
HIST: 1973 c 492 s 12; 1973 c 720 s 76 subd 2; 1975 c 204 s 90; 1980 c 484 s 1-3; 1981 c 311 s 39; 1982 c 545 s 24; 1983 c 317 s 1; 1985 c 248 s 70; 1986 c 444; 1988 c 469 art 1 s 1; 1989 c 351 s 1; 1991 c 345 art 1 s 38; 1993 c 4 s 5; 1994 c 632 art 3 s 15; 1997 c 184 s 1; 1999 c 99 s 23; 1Sp2001 c 10 art 2 s 11