Trustworthy Information Systems Handbook: Appendix D
Minnesota Laws and Policies Relating to Electronic Records
To ensure that records are properly created, maintained, and disposed, record keeping responsibilities of state and local government officials are well-defined in Minnesota's Statutes (M.S.) and Rules (M.R.):
Official Records Law
Under Minnesota law
all officers and agencies of the state, counties, cities, towns, school districts, municipal subdivisions or corporations, or other public authorities or political entities with the state,… shall make and preserve all records necessary to a full and accurate knowledge of their official activities (M.S. 15.17).
The chief administrative officer of each government agency has the responsibility to protect records and deliver them to successors to assure smooth transition and continuity (M.S. 15.17). When the functions, powers, and duties of a department or agency are assigned or transferred to another department or agency, all records must be transferred to the successor department or agency (M.S. 15.10).
Records Management Law
The term "government records" is defined in M.S. 138.17, Subdivision 1 as
state and local records, including all cards, correspondence, discs, maps, memoranda, microfilms, papers, photographs, recordings, reports, tapes, writings and other data, information or documentary material, regardless of physical form or characteristics, storage media or conditions of use, made or received by an officer or agency of the state and an officer or agency of a county, city, town, school district, municipal subdivision or corporation or other public authority or political entity within the state pursuant to state law or in connection with the transaction of public business by an officer or agency.
Although agencies must keep records, this does not mean all records must be retained permanently. In fact, government employees have a mandated responsibility to dispose of data determined to be unnecessary (M.R. 1205.1500 and M.S. 13.07).
M.S. 138.163 addresses the preservation and disposal of public records, governing the disposition of virtually all records of state and local governmental units in Minnesota except those of the Supreme Court and the University of Minnesota.
M.S. 138.17 outlines the procedures that must be followed to dispose of records that no longer have value to an agency. The statute creates the Records Disposition Panel whose members are the Attorney General, the Legislative Auditor (for state agency records), the State Auditor (for local government records), and the Director of the Minnesota Historical Society. The members of the Panel have the authority to determine retention periods for records, to approve their destruction, or to direct that records of long-term legal, fiscal, administrative, or historical value be preserved by the governmental unit or at the State Archives. A records management program is administered by the state commissioner of administration according to M.S. 138.17, Subdivision 7. The Minnesota State Archives was created pursuant to M.S. 138.161.
Occasionally, special statutes state how long certain records must be retained. However, M.S. 138.17 takes precedence over any such law unless records are specifically exempted from M.S. 138.17. That is, unless a statute says that a record is exempt from M.S. 138.17, the retention period listed serves only as a guideline. The Records Disposition Panel has the sole authority to approve a records retention period.
Minnesota Government Data Practices Act
All Minnesota government employees should be acquainted with the major provisions of the Minnesota Government Data Practices Act (M.S. 13). The only governmental units exempt from the requirements of the statute are townships.
The Act balances the often conflicting interests of government efficiency, individuals' right to privacy, openness in government, and freedom of information for the public and the media. Except in special instances, the Act does not govern data handling in the private sector.
The Act establishes a "data classification system." Eight categories classify and label government data in terms of who is authorized to gain access (M.S. 13.02). Unless specifically noted otherwise, all government data is accessible to the public for any reason (M.S. 13.03).
As defined by the Act, the responsible authority is an individual in each governmental agency who is required to perform the duties necessary to implement and administer the Act. M.S. 13.05 details most of these responsibilities.
M.S. 13.04 guarantees certain rights to individuals on whom the government maintains data. M.S. 13.04, Subdivision 2 discusses the requirements of what is known as the "Tennessen Warning," a notification statement supplied to individuals when private or confidential information is being asked of them. M.S. 13.08 offers protection in the form of civil remedies to individuals who feel that a government agency is violating or not properly administering the provisions of the Act.
M.S. 13.03, Subdivision 3 explains the procedure that government agencies must follow when receiving a request for records from the public. The responsible authority of the agency must provide copies of public data to a requester in a timely manner. Costs for this service may not exceed the actual costs of searching for and retrieving the records and may not include charges for separating public from not-public data. If the request is denied, a citation to the specific statutory section, temporary classification, or federal law must be given. Upon receipt of such denial, the requester may file court action to compel the release of the data.
Access and Security Laws and Policies
Under the Minnesota Government Data Practices Act (M.S. 13) and the Department of Administration's rules (M.R. 1205), all data collected, created, received, maintained, or disseminated by any government agency (e.g., state agency, political subdivision, or statewide system) must be made accessible to the public unless the data is classified as inaccessible by state statute, federal statute or temporary classification. Agencies must establish written procedures to assure properly controlled access to private and confidential data (M.R. 1205.0400, Subpart 3 and M.R. 12.0600, Subpart 3).
M.S. 13.05, Subdivision 5 addresses the protection of data, stipulating that the responsible authority shall
(1) establish procedures to assure that all data on individuals is accurate, complete, and current for the purposes for which it was collected; and (2) establish appropriate security safeguards for all records containing data on individuals.
Moving beyond the simple establishment of procedures, agencies must prepare and distribute directives requiring compliance and provide related training to staff (M.R. 1205.1300, Subpart 5).
Uniform Electronic Transactions Act
Enacted in 2000, the Minnesota Uniform Electronic Transactions Act (UETA) (M.S. 325L) facilitates electronic commerce and electronic government services by legally placing electronic records and signatures on equal footing with their paper counterparts. The law does not require the use of electronic records and signatures but, rather, allows for them where agreed upon by all involved parties. While technology neutral, the law stipulates that all such records and signatures must remain trustworthy and accessible for as long as required. Along a similar vein, the federal Electronic Signatures in Global and National Commerce (E-Sign) Act (U.S. Public Law 106-229) also encourages the use of electronic documents and signatures, although it goes further to provide some guidelines regarding standards and formats.
Other Relevant Statutes and Rules
Article 9 of Rules of Evidence (Authentication and Verification), Minnesota Statutes: Court Rules, 1998.
M.S. 325K (Secretary of State Administrative Rule: Electronic Authentication).
Chapter 8130.7500, Subpart 8 (Department of Revenue, Sales and Use Taxes: Returns and Records—Electronic Data Processing Records). Rules. 1997.
TIS Handbook last updated July 2002, Version 4.
Links verified January 20, 2011.