Chapter 13

The Minnesota Government Data Practices Act and Contested Case Hearings

13.7 Duties of Responsible Authority


The responsible authority in a government entity is the individual designated as being responsible for the collection, use, and dissemination of any data.[1] Specific duties are imposed on the responsible authority by the Data Practices Act, including the duty to:

  1. Keep records containing government data in an arrangement and condition that will make them easily accessible for convenient use;[2]
  2. Establish procedures to insure that requests for government data are received and complied with in an appropriate and prompt manner;[3]
  3. Appoint one or more designees, if desirable;[4]
  4. Appoint or designate an employee of the government entity to act as the entity’s data practices compliance official;[5]
  5. Prepare a data inventory containing the responsible authority’s name, title, and address and a description of each category of record, file, or process relating to private or confidential data on individuals maintained by the government entity;[6]
  6. Assure that the collection and storage of all data on individuals and the use and dissemination of private and confidential data on individuals is limited to that necessary for the administration and management of programs specifically authorized by the legislature or the local governing body or mandated by the federal government;[7]
  7. Assure that private or confidential data on an individual is not collected, stored, used, or disseminated for any purposes other than those stated to the individual at the time of collection in accordance with Minnesota Statutes section 13.04;[8]
  8. Establish procedures to assure that all data on individuals is accurate, complete, and current for the purposes for which the data was collected;[9]
  9. Establish appropriate security safeguards for all records containing data on individuals, including procedures for ensuring that data that are not public are only accessible to persons whose work assignment reasonably requires access to the data, and are only being accessed by those persons for purposes described in the procedure, and develop a policy incorporating these procedures, which may include a model policy governing access to the data if sharing of the data with other government entities is authorized by law;[10]
  10. Prepare a written data access policy and update it no later than August 1 of each year, and at any other time as necessary to reflect changes in personnel, procedures, or other circumstances that impact the public’s ability to access data;[11] and
  11. Prepare a public document setting forth the rights of data subjects and the specific procedures in effect for access by data subjects to public or private data on individuals.[12]

These specific duties of the responsible authority are consistent with the overall purpose of the Data Practices Act — to control the collection, security, and dissemination of information in order to protect the privacy of individuals while meeting the legitimate needs of government and society for information.[13] To assist the responsible authority in each government entity, the data practices compliance official answers questions about access to data for the entity.[14] Failure of the responsible authority to fulfill these duties may result in a cause of action against the responsible authority as discussed in the next section.

[1] Minn. Stat. § 13.02, subd. 16 (2014).

[2] Id. § 13.03, subd. 1.

[3] Id. subd. 2(a). The procedures are required to be in writing and copies must be easily available. Id. (b).

[4] Minn. Stat. § 13.03, subd. 2(b) (2014).

[5] Id. § 13.05, subd. 13.

[6] Id. § 13.025, subd. 1.

[7] Id. § 13.05, subd. 3.

[8] Id., subd. 4.

[9] Id., subd. 5(a).

[10] Id.

[11] Id. § 13.025, subd. 2.

[12] Id., subd. 3.

[13] Minn. Med. Ass’n v. State, 274 N.W.2d 84, 87 (Minn. 1978).

[14] Minn. Stat. § 13.05, subd. 13 (2014).