MN PRIMA: 2014 Data Practices Presentation Stacie Christensen, Director Information Policy Analysis Division, Admin.

Slides:



Advertisements
Similar presentations
June Data Practices in Minnesota. June Outline for this presentation Minnesota data practices laws Classification of government data Government.
Advertisements

Red Flag Rules: What they are? & What you need to do
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
An Overview for In-Home Service Providers Legal advice must be tailored to specific circumstances. Information provided in this presentation should not.
The Minnesota Data Practices Act …and what it means to you.
Data Practices in Minnesota March Minnesota data practices laws Classification of government data Government entity responsibilities Rights of access.
The Open Meeting Law in Minnesota
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Steps to Compliance: Managing Business Associates PRESENTED BY.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Data Practices January 22, 2014 Amber Eisenschenk, Staff Attorney Susan Naughton, Staff Attorney League of Minnesota Cities.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
feature=youtu.be.
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
Recent IT Security Breaches & How Organizations Prepare Evan McGrath Spohn Consulting May 23, 2015.
Data Classification & Privacy Inventory Workshop
Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Test Security. Texas Education Code (TEC) Sec SECURITY IN ADMINISTRATION OF ASSESSMENT INSTRUMENTS. (a) The commissioner: (1) shall establish.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
Electronic Records Management: What Management Needs to Know May 2009.
June Data Practices in Minnesota. June Outline for this presentation Minnesota data practices laws Classification of government data Government.
707 KAR 1:360 Confidentiality of Information. Section 1: Access Rights 1) An LEA shall permit a parent to inspect and review any education records relating.
Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Arkansas State Law Which Governs Sensitive Information…… Part 3B
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
© 2011 Foley Hoag LLP. All Rights Reserved. 1 What Law Applies In “the Cloud”? And how far into the Cloud does Massachusetts law extend? A CloudCamp Boston.
The right item, right place, right time. DLA Privacy Act Code of Fair Information Principles.
Addressing Unauthorized Release of Personal Information at UC Davis August 12, 2003.
© Copyright 2010 Hemenway & Barnes LLP H&B
Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.
When Can You Redact Information Without Requesting an Attorney General Decision? Karen Hattaway Assistant Attorney General Open Records Division Views.
Government Data Practices and the Open Meeting Law August 2014.
Data Practices in Minnesota December Outline for this presentation Minnesota data practices laws Classification of government data Government entity.
Staying ahead of the storm: know your role in information security before a crisis hits Jason Testart, IST Karen Jack, Secretariat.
An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.
HOW TO RESPOND TO A DATA BREACH: IT’S NOT JUST ABOUT HIPAA ANYMORE The Thirteenth National HIPAA Summit  September 26, 2006 Renee H. Martin, JD, RN, MSN.
Indiana’s Access to Public Records Act Heather Willis Neal Indiana Public Access Counselor Presented to Indiana State Department of Health August 21, 2008.
Privacy and Data Breach Issues Kirk Herath, VP, Chief Privacy Officer, Nationwide & Dino Tsibouris, Founding Principal, Tsibouris & Associates.
Dino Tsibouris & Mehmet Munur Privacy and Information Security Laws and Updates.
Data Security in the Cloud and Data Breaches: Lawyer’s Perspective Dino Tsibouris Mehmet Munur
CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
Taylor County Schools FERPA (Confidentiality) Training August 17, 2010.
Results. Relationships. Reputation. Legal and Policy Elements to Community Planning and Zoning – Open Meeting Law Christopher A. Schmaltz Gust Rosenfeld,
Open Meetings, Public Records, Conflicts of Interest, EMC Bylaws, and Penalty Remissions* Jennie Wilhelm Hauser Special Deputy Attorney General Presentation.
Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.
Privacy principles Individual written policies
Responding to a Data Breach 360° of IT Compliance
Chapter 3: IRS and FTC Data Security Rules
Notifiable data breaches Roundtable
FOIA, Privacy & Records Management Conference 2009
Privacy & Access to Information
Security Awareness Training: System Owners
Alabama Data Breach Notification Act: What 911 Districts Need to Know
Alabama Data Breach Notification Act: What County Governments Need to Know Morgan Arrington, General Counsel Association of County Commissions of Alabama.
Government Data Practices & Open Meeting Law Overview
National HIPAA Audioconferences
Government Data Practices & Open Meeting Law Overview
Presentation transcript:

MN PRIMA: 2014 Data Practices Presentation Stacie Christensen, Director Information Policy Analysis Division, Admin

Information Policy Analysis Division (IPAD) Informal advice Commissioner of Administration advisory opinions Training and workshops Website, info pages, listserv and newsletters Legislative assistance Who We Are and What We Do

Overview: Government Data Practices Act Minnesota Statutes, Chapter 13 – Applies to government entities in Minnesota – Presumes government data are public – Classifies data that are not public – Provides rights for the public and data subjects – Requires that data on individuals are accurate, complete, current, and secure Minnesota Rules, Chapter 1205

Other Data Practices Related Laws The Official Records Act (Minn. Stat. § 15.17) The Records Management Statute (Minn. Stat. § )

What are government data? Government data are “all data collected, created, received, maintained or disseminated by any government entity regardless of its physical form, storage media or conditions of use.”

Official Records Act: Create and Maintain Data Government Data Practices Act: Administer Data Records Management Statute: Destroy Data

Classification of Government Data ClassificationAccessExamples Public Available to anyone for any reason Government employee’s name Private/ Nonpublic  Data subject  Those in the entity whose work requires access  Entities authorized by law  Those authorized by data subject Social security numbers Confidential/ Protected Nonpublic  Those in the entity whose work requires access  Entities authorized by law **Data subject does not have access Active investigative data

Maintaining Government Data No requirement to maintain data in a particular format or system of organization However… Data must be “easily accessible for convenient use.” (Minn. Stat. § 13.03, subd. 1)

Penalties and Remedies Remedies (Minn. Stat. §13.08) – Action to compel compliance – Action for damages, costs, and attorneys fees Administrative remedy (Minn. Stat. §13.085) – Administrative hearing within 2 years of alleged violation – Action to compel compliance Penalties (Minn. Stat. §13.09) – Willful violation or knowing unauthorized acquisition of not public data = misdemeanor – Dismissal or suspension Advisory opinions (Minn. Stat. §13.072)

Liability Considerations: Data Breach Legislation Creation of Procedures for Not Public Data (Ch. 284, sec. 1; 13.05, subd. 5) – Requires the responsible authority to establish procedures to ensure that only those who have a work assignment can access not public data Data Security Breaches (Ch. 284, sec. 2; ) – Data breach requirements now apply to all government entities – Responsible authority must investigate and create a report that details any breach of the security of not public data – Annual security assessment – Applies to all security breaches beginning August 1, 2014 Penalties (Ch. 284, sec. 3; 13.09) – Penalty for knowing access to not public data without a work reason – Applies to unauthorized access beginning August 1, 2014

Other State Breach Notification MinnesotaOther States Type of data that require a notification if breach occurs Private or Confidential Data on Individuals Many states list the specific data that require a breach notification Most include: name of individual in combination with SSN, DL number, or credit card info CA recently included username or with password or security question and answer Risk of harm analysis before notification Breach notification is required if the breach “compromises the security and classification of the data” Most states require a risk of harm analysis in determining if notification is required Alaska requires an investigation and a determination that there is not a reasonable likelihood of harm Require notice to state official State agencies must notify the OLA for any improper use of not public data Many states require notice to the Attorney General at the same time that they provide breach notification Require notice for access Notification is required for both access and acquisition Many states only require notification for acquisition

Liability Considerations: General Requirements Data collection – Limited to that necessary for the administration and management of programs Data protection and security – Establish appropriate security safeguards Procedures for ensuring that data that are not public are only accessible to persons whose work assignment reasonably requires access

Liability Considerations: Specific Issues Issues – Credit card information – License plate reader data – Cloud Storage – Squad cams/body cams – Others?

S TACIE.C STATE. MN. US (651) WWW. IPAD. STATE. MN. US INFO. STATE. MN. US (651)

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.