5.e)1) Policy for Ensuring the Security of Not Public DataCity of Scandia Policy for Ensuring the
Security of Not Public Data
Legal requirement
The adoption of this policy by the City of Scandia satisfies the requirement in Minnesota
Statutes, section 13.05, subd. 5, to establish procedures ensuring appropriate access to not public
data. By incorporating employee access to not public data in the City of Scandia's Data
Inventory (required by Minnesota Statutes, section 13.025, subd. 1), in the individual employee's
position description, or both, the City of Scandia's policy limits access to not public data to
employees whose work assignment reasonably requires access.
Please direct all questions regarding this policy to the City of Scandia's Data Practices
Compliance Official (DPCO):
Kristina Handt
k.handt&ci. scandia.mn.us
Phone: 651.433.2274
Fax: 651.433.5112
14727 209' St N.
Scandia, MN 55073
Procedures implementing this policy
Data inventory
Under the requirement in Minnesota Statutes, section 13.025, subd. 1, the City of Scandia has
prepared a Data Inventory which identifies and describes all not public data on individuals
maintained by the City of Scandia. To comply with the requirement in section 13.05, subd. 5, the
City of Scandia has also modified its Data Inventory to represent the employees who have access
to not public data.
In the event of a temporary duty as assigned by a manager or supervisor, an employee may
access certain not public data, for as long as the work is assigned to the employee.
In addition to the employees listed in the City of Scandia's Data Inventory, the Responsible
Authority, the Data Practices Compliance Official (DPCO), the Data Practices Designees, and
the City Attorney may have access to all not public data maintained by the City of Scandia if
necessary for specified duties. Any access to not public data will be strictly limited to the data
necessary to complete the work assignment.
Employee position descriptions
Position descriptions may contain provisions identifying any not public data accessible to the
employee when a work assignment reasonably requires access.
Data sharing with authorized entities or individuals
State or federal law may authorize the sharing of not public data in specific circumstances. Not
public data may be shared with another entity if a federal or state law allows or mandates it.
Individuals will have notice of any sharing in applicable Tennessen warnings (see Minnesota
Statutes, section 13.04) or the City of Scandia will obtain the individual's informed consent. Any
sharing of not public data will be strictly limited to the data necessary or required to comply with
the applicable law.
Ensuring that not public data are not accessed without a work assignment
Within the City of Scandia, departments may assign tasks by employee or by job classification.
If a department maintains not public data that all employees within its department do not have a
work assignment allowing access to the data, the department will ensure that the not public data
are secure. This policy also applies to departments that share workspaces with other departments
within the City of Scandia where not public data are maintained.
Recommended actions for ensuring appropriate access include:
Assigning appropriate security roles, limiting access to appropriate shared network
drives, and implementing password protections for not public electronic data
Password protecting employee computers and locking computers before leaving
workstations
Securing not public data within locked work spaces and in locked file cabinets
Shredding not public documents before disposing of them
Penalties for unlawfully accessing not public data
The City of Scandia will utilize the penalties for unlawful access to not public data as provided
for in Minnesota Statutes, section 13.09, if necessary. Penalties include suspension, dismissal, or
referring the matter to the appropriate prosecutorial authority who may pursue a criminal
misdemeanor charge.
Data on Individuals
Maintained by the City of Scandia
June 2015
This document identifies the name, title and address of the Responsible Authority for the City of Scandia and describes private or
confidential data on individuals maintained by the City of Scandia (see Minn. Stat. 13.05 and Minn. Rules 1205.1200).
This document is also part of the City of Scandia's procedures for ensuring that not public data are only accessible to individuals
whose work assignment reasonably requires access (see Minn. Stat. 13.05, subd. 5). In addition to the employees listed, the
Responsible Authority, the Data Practices Compliance Official (DPCO), the Data Practices Designees, and the City Attorney may
have access to all not public data maintained by the City of Scandia if necessary for specified duties. Any access to not public data
will be strictly limited to the data necessary to complete the work assignment.
City of Scandia's Responsible Authority is:
Kristina Handt
k.handt(&ci. scandia.mn.us
14727 209th St N.
Scandia, MN 55073
Phone: 651.433.2274
Fax: 651.433.5112
Direct all questions about this document to City of Scandia's
Data Practices Compliance Official (DPCO):
Kristina Handt
k.handt@ci.scandia.mn.us
14727 209th St N.
Scandia, MN 55073
Phone: 651.433.2274
Fax: 651.433.5112
Data Maintained by the City of Scandia
Name of Record, File, Process,
Description (Understandable to
Data Classification
Citation for
Employee Work Access
Form or Data Type
General Public)
Classification
Advisory Committee Member
Data pertaining to advisory committee
Public
MS 13.601
Certain employees on an as needed basis
data
applicants and appointees
Private
as part of specific work assignments
Confidential
Applicant Records
Completed assessments and results, related
Public
MS 13.43
Certain employees on an as needed basis
documentation, and application forms
Private
as part of specific work assignments
Attorney Data
Data related to attorney work product or
Private
MS 13.393
Certain employees on an as needed basis
data protected by attorney-client privilege
as part of specific work assignments
Benefits Enrollment Forms
Employees' medical, dental, deferred
Private
MS 13.43
Certain employees on an as needed basis
compensation, etc. election forms
as part of specific work assignments
Building Permit Applications
Data received from individuals during the
Public
MS 13.37
Certain employees on an as needed basis
process of applying for building permits
Non -Public
as part of specific work assignments
Candidate and Elected
Data about candidates for office or elected
Public
MS 13.601
Certain employees on an as needed basis
Official data
officials
Private
as part of specific work assignments
City Council Member data
Data pertaining to City Council members
Public
MS 13.601
Certain employees on an as needed basis
Private
as part of specific work assignments
Confidential
Civil Investigation data
Data that are collected in order to start or
Confidential
MS 13.39
Certain employees on an as needed basis
defend a pending civil legal action, or
Private
as part of specific work assignments
because a civil action is expected
Claims
Claims filed by or against the city
Public
MS 13.43
Certain employees on an as needed basis
Private
as part of specific work assignments
Complaints by citizens
The identity of individuals who register
Confidential; the
MS 13.44
Certain employees on an as needed basis
complaints with government entities
data becomes public
as part of specific work assignments
concerning violations of state laws or local
when submitted to
ordinances concerning the use of real
a court-appointed
property.
condemnation
commissioner or the
data is presented in
court for a
condemnation
proceeding
Name of Record, File, Process,
Description (Understandable to
Data Classification
Citation for
Employee Work Access
Form or Data Type
General Public)
Classification
Continuity of Operations
Personal home contact information used to
Private
MS 13.43,
Certain employees on an as needed basis
ensure that an employee can be reached in
subd 17
as part of specific work assignments
the event of an emergency or other
disruption affecting continuity of operation
of a government entity.
Correspondence
Letters and electronic correspondence
Public
Various
Certain employees on an as needed basis
Private
as part of specific work assignments
Confidential
Data on individuals
Data that would identify an individual
Private
MS 181.932,
Certain employees on an as needed basis
reporting a violation, suspected violation,
subd 2
as part of specific work assignments
or planned violation of any federal or state
law or common law or rule adopted
pursuant to law to an employer or to any
governmental body or law enforcement
official;
Data on individuals
Data that would identify an employee who
Private
MS 181.932,
Certain employees on an as needed basis
Is requested by a public body or office to
subd 2
as part of specific work assignments
participate in an investigation, hearing, or
inquiry
Data on individuals with
Data that identify an individual with a
Private
MS 13.64,
Certain employees on an as needed basis
disabilities
disability or a family member of an individual
subd 2
as part of specific work assignments
with a disability
Deferment Application
Information collected on individuals for the
Private
MS 13.51,
Certain employees on an as needed basis
purpose of processing a deferment
Non -Public
subd 2
as part of specific work assignments
application
MS 13.52
Drug and Alcohol Testing
Employees' test results
Public
MS 13.43
Certain employees on an as needed basis
results
Private
as part of specific work assignments
Employee expense reports
Expense reimbursement requests
Public
MS 13.43
Certain employees on an as needed basis
Private
as part of specific work assignments
Employment Eligibility
1-9 Forms submitted by employees
Private
MS 13.43
Certain employees on an as needed basis
Verification/1-9 Form
as part of specific work assignments
Examination File
Completed exams administered to
Private
MS 13.43
Certain employees on an as needed basis
applicants & promotional exams
as part of specific work assignments
administered to employees
Family Medical Leave
Data on employees regarding FMLA
Private
MS 13.43
Certain employees on an as needed basis
Documents
as part of specific work assignments
Name of Record, File, Process,
Description (Understandable to General
Data Classification
Citation for
Employee Work Access
Form or Data Type
Public)
Classification
Garnishments
Data collected on employees relating to child
Private
MS 13.43
Certain employees on an as needed basis
support and/or spousal maintenance
as part of specific work assignments
Government services
Credit card, charge card, debit card and
Private
MS 16A.626
Certain employees on an as needed basis
transactions data
other electronic transactions
as part of specific work assignments
Grievance files
Formal written employee grievance and/or
Public
MS 13.43
Certain employees on an as needed basis
complaint filed under a labor agreement or
Private
as part of specific work assignments
personnel rules, and received by the City.
Internal audit data
Data created, collected, and maintained for
Public
MS 13.392
Treasurer
the purpose of performing audits and/or
Private
MS 13.43
City Administrator
relating to an audit or investigation;
Confidential
MS 13.37
Auditor
working papers gathered or generated until
the final report is published or audit
becomes inactive.
Labor Relations information
Management positions that have not been
Private
MS 13.37,
Certain employees on an as needed basis
presented during the collective bargaining
Confidential
subd 1(a)
as part of specific work assignments
process or interest arbitration, including
information collected or created to prepare
the management position
License, permit applications
Telephone numbers, home addresses,
Public
MS 13.03
Certain employees on an as needed basis as
e-mail addresses, and other types of
part of specific work assignments
contact or personal information from
citizens on license forms, building permits,
and various other materials
Medical data
Medical data of employees disclosed for
Private
MS 13.384
Certain employees on an as needed basis
the purpose of administering claims
subd, 3
as part of specific work assignments
Motor Vehicle data
Information on license plate numbers,
Private
MS 168.346
Certain employees on an as needed basis
owners, and registration status of vehicles
as part of specific work assignments
Personal contact and online
Telephone number, email address and
Private
MS 13.356
Certain employees on an as needed basis
account information
usernames and passwords collected,
as part of specific work assignments
maintained, or received by a government
entity for notification purposes or as part
of a subscription list for an entity's
electronic periodic publications as
requested by the individual.
Name of Record, File, Process,
Description (Understandable to General
Data Classification
Citation for
Employee Work Access
Form or Data Type
Public)
Classification
Personnel Data
Data about employees, applicants,
Public
MS 13.43
Certain employees on an as needed basis
volunteers and independent contractors;
Private
179A.03,
as part of specific work assignments
labor relations information
Confidential
subd 4
Real property appraisal
Estimated or appraised values of individual
Confidential
MS 13.44,
Certain employees on an as needed basis
data (a)
parcels of real property that are made by
Public
subd 3(a),3(c)
as part of specific work assignments
personnel of the state or a political
subdivision or by independent appraisers
for the purpose of selling or acquiring land
through purchase or condemnation
Real property appraisal
Appraised values of individual parcels of
Private
MS 13.44,
Certain employees on an as needed basis
data (b)
real property that are made by appraisers
Public
subd 3(b),3(c)
as part of specific work assignments
working for fee owners or contract
purchasers who have received an offer to
purchase their property from the state or a
political subdivision
Recreational Programs data
Enrollment data that identifies the names,
Private
MS 13.548
Certain employees on an as needed basis
addresses, telephone numbers, or
Public
as part of specific work assignments
any other data that identifies an individual
enrolled in city recreational or
social programs
Rehabilitation data
Data collected that pertain to individuals
Private
MS 13.791
Certain employees on an as needed basis
applying for or receiving rehabilitation
as part of specific work assignments
services
Reprimands/Disciplinary
Data collected on employees regarding
Public
MS 13.43
Certain employees on an as needed basis
action
reprimands and/or disciplinary action
Private
as part of specific work assignments
Response to Data Requests
Data collected by Data Practices
Public
Various
Responsible Authority
Compliance Official in responding to
Private
Data Practices Compliance
requests for data
Official/Designee(s)
Responses to requests for
Responses submitted are private until the
Private
MS 13.599
Certain employees on an as needed basis
proposal
responses are opened. All other data on
Public
as part of specific work assignments
individuals are private until completion of
the evaluation process. If all responses are
rejected prior to completion of the
evaluation process, all data, other than that
made public at the opening, are private
until resolicitation or abandonment of the
project.
Name of Record, File, Process,
Description (Understandable to General
Data Classification
Citation for
Employee Work Access
Form or Data Type
Public)
Classification
Responses to Requests for
Responses to Requests for Proposals (RFPs)
Public
MS 13.591
Certain employees on an as needed basis
Proposals (RFPs) and requests
and requests for bids
Private
as part of specific work assignments
for bids
Responses to Requests for
Trade secret data in response to Requests
Private
MS 13.37
Certain employees on an as needed basis
Proposals (RFPs) and requests
for Proposals (RFPs) and requests for bids
as part of specific work assignments
for bids
Security Information
Data that would substantially jeopardize
Private
MS 13.37
Certain employees on an as needed basis
the security of information, possessions,
as part of specific work assignments
individuals or property against theft,
tampering, improper use, attempted
escape, illegal disclosure, trespass, or
physical injury, if the data were released
to the public.
Social Security numbers
Social Security numbers assigned to
Private
MS 13.355
Certain employees on an as needed basis
individuals
as part of specific work assignments
Travel expense/per diem
Travel expense reimbursement requests
Public
MS 13.601
Certain employees on an as needed basis
reports for council,
Private
MS 13.43
as part of specific work assignments
commission, and board
members
Unemployment compensation
Records of billings from DEED for employee
Private
MS 13.43
Certain employees on an as needed basis
billings
unemployment compensation
as part of specific work assignments
Utility customer data
Data collected on individual public utility
Private
MS 13.679
Certain employees on an as needed basis
customers or prospective customers,
as part of specific work assignments
including copies of tax forms, needed to
administer federal or state programs that
provide relief from public utility bills,
or cold weather disconnection.
Workers compensation
Records of billings for employees who
Private
MS 13.43
Certain employees on an as needed basis
billings and information
receive workers compensation benefits
as part of specific work assignments