5.e)1) Staff Report-Data Practices PolicyC
SCANDIA
Staff Report
Date of Meeting: June 16, 2015
To: City Council
From: Brenda Eklund, Deputy Clerk
Re: Data Practices Policy
Background: Last year the Legislature made changes to state data practices law regarding access
to data that is not public. The League of MN Cities recommends that all cities make compliance
with the new law a priority.
Issue: Should the City adopt a Data Practices Policy to establish procedures that ensure the
security of not public data?
Proposal Details: State data practices law defines "not public data" as any government data
classified by law as confidential, private, nonpublic, or protected nonpublic. Governmental
entities must establish additional security measures "ensuring that data that are not public are
only accessible to persons whose work assignment reasonably requires access to the data, and is
only being accessed by those persons for purposes described in the procedure" (Minnesota
Statutes, section 13.05, subdivision 5). This requires government entities to create procedures to
identify which employees have access to not public data and to develop a policy incorporating
these procedures. One way to meet the requirements of the new law is to list employee work
assignments that include access to "not public" data in an entity data inventory, and to establish a
"Policy for Ensuring the Security of Not Public Data." The policy, in conjunction with the data
inventory, is designed to prevent employees from accessing not public data unless they have a
legitimate work reason to do so.
The proposed policy and data inventory is attached. As employee position descriptions are
updated in the future, provisions for accessing not public data when work assignments
reasonably require access to the data will be added to the descriptions.
Fiscal Impact:
None
Options:
1) Adopt the Policy for Ensuring the Security of Not Public Data.
2) Amend the Policy and then adopt the Policy.
3) Do not adopt the Policy.
Recommendation:
Option 1.