|
The Legislative Commission on Data Practices and Personal Data Privacy met for a final time in 2018 and issued recommendations for consideration by the full Legislature in 2019. The Commission's recommendations cover these topics:
- Patient consent and disclosure of medical records under the Minnesota Health Records Act
- Privacy and Direct-To-Consumer (DTC) genetic testing
- Notification requirements for data security breaches at government entities
Audio and video archives of the Commission's 2018 meetings are available on the Commission's home page.
Trade secret information
In Advisory Opinion 18-016, a government entity asked about the classification of certain financial data that it maintains about one of its licensee racetracks. The entity argued that the data at issue did not meet the definition of “trade secret” in section 13.37 because the licensee did not demonstrate that the data derived “independent economic value, actual or potential, from not being generally known.” The Commissioner agreed with the entity’s determination that the data were not trade secret and therefore, presumptively public.
Investigation file data
In Advisory Opinion 18-017, a city asked about the classification of certain data related to the final disposition of disciplinary action in an “Investigation File,” which is now part of an active criminal investigation. The city discussed the operation of section 13.43, and concluded that the data in the Investigation File are public personnel data. The Commissioner agreed that the data are public when maintained by the city and confidential/protected nonpublic at the prosecuting attorney’s office, consistent with a 2016 Minnesota Supreme Court case, Harlow v. State Dept. of Human Services, 883 N.W.2d 561 (Minn. 2016).
Open Meeting Law and telephone meetings
In Advisory Opinion 18-018, a member of the public asked if a watershed district had violated the Open Meeting Law when it allowed members to participate in a meeting via telephone in order to reach a quorum. The Commissioner opined that per section 13D.021, there must be a declared emergency under Minnesota Statutes, Chapter 12 for a local (versus state-level) public body to conduct a meeting via telephone.
Meetings via interactive television
In Advisory Opinion 18-019, a watershed district asked whether a member of the board of commissioners could attend meetings via interactive television from Florida. The Commissioner concluded that the geographical limitation imposed by the Minnesota Supreme Court in Quast v. Knutson, 150 N.W.2d 199 (Minn. 1967), only applied to situations when an entire public body held a meeting outside the territorial confines of its jurisdiction. Minnesota Statutes, section 13D.02, allows members to attend via interactive television when all of the conditions of that section are met.
Data request for information in a Facebook page
In Advisory Opinion 19-001, a city asked whether it responded appropriately to a data request for information from a Facebook page maintained by the mayor, when it replied to the requester that the information was not government data. The Commissioner opined that the city had responded appropriately because the mayor created and maintained the page outside of his official duties and the city did not collect, create, receive, maintain, or disseminate the information. Thus, the information did not fit within the definition of government data.
The Court of Appeals held that the district court properly determined that GPS location data maintained by Intoxalock, a private manufacturer certified by the Department of Public Safety (DPS), was not government data. While DPS could access the data, it did not “record” or “receive” the data from Intoxalock. The Court stated that the Data Practices Act “regulates the public’s access to government data, and does not regulate the government’s ability to access data.”
The Court also upheld the district court’s dismissal of a Tennessen warning claim against Intoxalock related to the collection of the GPS data, but reversed its dismissal of the Tennessen warning claim against DPS with regard to the program participation agreement and remanded for a determination on the merits.
Finally, the Court determined that the district court properly dismissed Data Practices Act claims against Intoxalock because it is not subject to the Data Practices Act, as neither an implied nor express contract existed between it and DPS. Therefore, section 13.05, subdivision 11 did not apply: “there is nothing in section 13.05, subdivision 11, which suggests that every private party that holds a state certificate is subject to the [Data Practices Act]. In fact, were we to hold otherwise, we would greatly expand the reach of the Act.”
|
