Page 9 - Privacy

Page 9 - Privacy_Program

P. 9

OVERVIEW OF MINNESOTA GOVERNMENT DATA PRACTICES ACT (MGDPA)

INFORMATION STANDARDS [DP101]
Back to Table of Contents

Scope: Enterprise
Distribution: Executive Leadership Team, Director of Information Technology, Privacy and Data Security Data
Purpose: To comply with Minnesota Government Data Practices Act (“MGDPA”) requirements to the extent applicable to
GESMN, including providing access to Public Data to members of the public, providing access to Private Data to the subject of
that data and safeguarding Private and Confidential Data from use or disclosure in violation of the MGDPA. This Policy
provides an overview of those MGDPA requirements and cites additional GESMN policies that address specific MGDPA
requirements in more detail.

DP‐102 applies to services and programs that have contracts with the State of Minnesota or other county or local government
agencies (e.g., Minneapolis Employment and Training Program, Hennepin County, Ramsey County, Extended Employment and
others) and staff in divisions that provide support services (e.g., Finance, Legal, IT) to the extent that they collect, store,
disseminate or use “Private Data” or “Confidential Data” to provide contracted services to the State or other county or local
government entities (Minnesota Administrative Rule 12.05.0100 subpart 4.) DP101.1 through DP101.3 do not apply to data
generated independent of the contractually based activities performed for the State. (Minn. Admin. Rule 12.05.0100 subpart
4.) DP101.4 through DP101.21 apply to all data within Services and Programs, other than information covered under DP102 –
HIPAA Protected Health Information Safeguards.
External Regulation or Standard: Minnesota Government Data Practices Act (MGDPA)

Who is Responsible Statement Policy, Standard, or Procedure Statement
Number
Executive Team DP101.1 MGDPA Responsible Authority and Data Practices Compliance Official.
MGDPA requires all entities covered by the MGDPA to designate a Responsible
Authority to be responsible for compliance with MGDPA. (Minn. Stat. 13.02
subd. 16.) MGDPA also requires all entities covered by the MGDPA to designate
a Data Practices Compliance Official to respond to questions or concerns about
data access or other data problems. (Minn. Stat. 13.02 subd. 13.) GESMN’s
Director of Information Technology, Privacy and Data Security is the MGDPA
Responsible Authority and Data Practices Compliance Official.
Director of Information DP101.1.a The Responsible Authority must develop and implement a plan for reviewing
Technology, Privacy and and analyzing Government Data administration, including determining need
Data Security for Government Data and disposing of Government Data determined not to be
necessary in accordance with the Minnesota Records Management Act.
(Minn. Admin. Rule 1205.1500.)

Director of Information DP101.1.b The Responsible Authority has the power to: (a) implement the rules within
Technology, Privacy and GESMN to comply with MGDPA; (b) make good faith attempts to resolve all
Data Security administrative controversies regarding the Government Data; (c) prescribe
changes to the administration of GESMN programs, procedures or forms to
comply with MGDPA; (d) take administrative actions necessary to comply with
MGDPA; and (e) delegate responsibilities to other staff (but will need to
instruct them on the MGDPA and provide training. (Minn. Admin. Rule
1205.1100 subpart 3 and 1205.0900.)

GES CONFIDENTIAL 9

4 5 6 7 8 9 10 11 12 13 14