DEEDWorkForce CenterReception and Resource Area Certification Program

Module 2Unit 1b: WorkForce Center System IILearning Objectives III

Learning Objectives 3Data Privacy Awareness

Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources

This information is based on from the Information Policy Analysis Division of the Minnesota

Department of Administration in 2007.

AWARENESS

Awareness

Anyone working in a WFC is responsible for properly handling customer data.

Customers have rights to privacy and security. Tennessen Notice Warning Sharing customer information with others is restricted.

THE DATA PRACTICES ACT

The Data Practices Act

Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205

Presumes government data are public Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete,

current, and secure Defines government data

CUSTOMER RIGHTS

Customer’s Rights

Data subjects: Limits on the government’s collection and storage of

data on individuals Right to certain information prior to the collection of

private or confidential data Right to consent to the new use of data Right to challenge the accuracy and/or completeness of

data Expectation in the security of data

The Three Laws of Data Practices

The Official Records Act Minnesota Statutes, section 15.17

The Records Management Statute Minnesota Statutes, section 138.17

The Minnesota Government Data Practices Act Minnesota Statutes, Chapter 13 & Minnesota Rules,

Chapter 1205

THE TENNESSEN WARNING NOTICE

Tennessen Warning NoticeTennessen Warning Notice, Minnesota 13.04, subdivision 2

covers: Private data collected from an individual on an

individual Describes individual’s rights before data can be

collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required

to provide the data Known consequences from supplying or refusing to

supply the data Identity of other persons or entities with statutorily

authorized access to the data

INFORMED CONSENT

Informed consent

Permission for a new use or release of government data

Informed consent is necessary for: Entity to use data in a new or different way A new release of data Collection of data about an individual from another

person or entity Informed consent must be in writing and cannot be

coerced

DATA PROTECTION AND SECURITY

Data protection & security

Appropriate security safeguards and appropriate destruction of not public data Minnesota Statutes, section 13.05, subdivision 5

Disclosure of breach in security of data Minnesota Statutes, section 13.055

Protecting not public data

DEEDWorkForce CenterReception and Resource Area Certification Program

Module 2Unit 1b: WorkForce Center System IILearning Objectives III

Learning Objectives 3Data Privacy Awareness

Awareness The Data Practices Act Customer Rights Tennessen Warning Notice Informed Consent Data Protection and Security Resources

This information is based on from the Information Policy Analysis Division of the Minnesota

Department of Administration in 2007.

AWARENESS

Awareness

Anyone working in a WFC is responsible for properly handling customer data.

Customers have rights to privacy and security. Tennessen Notice Warning Sharing customer information with others is restricted.

THE DATA PRACTICES ACT

The Data Practices Act

Minnesota Statutes, Chapter 13 and Minnesota Rules, Chapter 1205

Presumes government data are public Classifies data that are not public Provides rights for the public and data subjects Requires that data on individuals are accurate, complete,

current, and secure Defines government data

CUSTOMER RIGHTS

Customer’s Rights

Data subjects: Limits on the government’s collection and storage of

data on individuals Right to certain information prior to the collection of

private or confidential data Right to consent to the new use of data Right to challenge the accuracy and/or completeness of

data Expectation in the security of data

The Three Laws of Data Practices

The Official Records Act Minnesota Statutes, section 15.17

The Records Management Statute Minnesota Statutes, section 138.17

The Minnesota Government Data Practices Act Minnesota Statutes, Chapter 13 & Minnesota Rules,

Chapter 1205

THE TENNESSEN WARNING NOTICE

Tennessen Warning NoticeTennessen Warning Notice, Minnesota 13.04, subdivision 2

covers: Private data collected from an individual on an

individual Describes individual’s rights before data can be

collected, stored, used, or disseminated Describes purpose and intended use of data Whether the individual may refuse or is legally required

to provide the data Known consequences from supplying or refusing to

supply the data Identity of other persons or entities with statutorily

authorized access to the data

Discussion Point

1. Do understand the purpose of the Tennessen Warning Notice?

INFORMED CONSENT

Informed consent

Permission for a new use or release of government data

Informed consent is necessary for: Entity to use data in a new or different way A new release of data Collection of data about an individual from another

person or entity Informed consent must be in writing and cannot be

coerced

DATA PROTECTION AND SECURITY

Data protection & security

Appropriate security safeguards and appropriate destruction of not public data Minnesota Statutes, section 13.05, subdivision 5

Disclosure of breach in security of data Minnesota Statutes, section 13.055

Protecting not public data

Tips to Protect Not Public Data• Lock the screen of your computer when leaving your desk• Turn copies of not public data documents over or outside of view. • Use locked file cabinets for not public data• Do not leave not public data on a copier, printer, or fax machine.• Do not discuss not public data with co-workers whose work does not

require knowing about the data• Create strong passwords for your computer, do not share it others,

and change it periodically. • Remove private data that you do not need to do your job from your

laptop or briefcase.• If you must use not public electronic data away from the office, consult

with your technology person to discuss encryption options• Do not access not public data using a web browser on a public

computer• Hide your laptop from plain view in your car; best to take it with you.

Put it in the trunk before you reach your destiny.

Specific provisions of Chapter 13

General not public data Social Security numbers

Private (Minnesota Statutes, section 13.355) Security information

Private/nonpublic (Minnesota Statutes, section 13.37)

Trade secret data Private/nonpublic (Minnesota Statutes, section

13.37)

Civil remedies & penalties

Minnesota Statutes, sections 13.08 & 13.09 Civil suits against government entity or responsible

authority allowed Penalties for willful violation

Misdemeanor Suspension or dismissal

Data Practices Checklist1. Does our government entity know what data we collect and keep?

2. Does our government entity understand how the data are classified?

3. Does our government entity have a “data practices compliance official” (DPCO) who can help citizens and our entity with data practices requests?

4. Does our government entity have a policy and/or procedure that discusses which employee or employees within our entity are responsible for handling data practices issues?

5. Does our government entity have the public document required by Minnesota Statutes, section 13.05, subdivision 1, that identifies our responsible authority and describes the private and confidential data on individuals we maintain?

Discussion Point

1. Do you have a Data Practice policy and procedure at your WFC?

RESOURCES

Resources

Responsible Authority:

Dan McElroy, Commissioner Data Practices Compliance Official:

Deb Serum Deb.Serum@state.mn.us or 651-259-7193 Policy and Procedures Manual:

intraweb.deed.state.mn.us/ref/ppm/ppm601.htm Find out who your Data Practice person is at your

site.

Information & questionsInformation Policy Analysis Division (IPAD) Commissioner of Administration’s advisory opinions IPAD website and information materials IPAD email listserv and Newsletter Informal advice from IPAD Information Policy Analysis Division

www.ipad.state.mn.us 1.800.657.3721 or 651.296.6733 Info.ipad@state.mn.us 201 Administration Building

50 Sherburne Ave.St. Paul, MN 55155

Resource Area (RA) KEY POINTS1. WFCs are responsible for appropriate security

safeguards of public data and appropriate destruction of not public data.

2. One of the elements of the Data Practices Act provides for rights for the public and data subjects.

3. The Tennessen Notice Warning describes how and why data collected is intended to be use, collected and stored, sharing of information, rights and consequences of or not releasing information.

4. Any person who willfully – knowingly – violates Minnesota Statues Chapter 13 is guilty of a penalty.

This completes Learning Objective 3

of Module 2, Unit 1b and training for this unit.

Learning Objective 1: Equal Opportunity

Learning Objective 2: Complaint Process

Leaning Objective 3: Data Privacy Awareness