MN HF183

Establishes data access security procedures requiring government entities to ensure non-public data is only accessible to employees whose work assignments reasonably require it and is accessed only for authorized purposes.

Requires government entities to prepare and disclose investigation reports following data security breaches involving unauthorized employee access, including the type of data compromised, number of affected individuals, names of responsible employees, and disciplinary actions taken.

Expands criminal penalties for unauthorized acquisition of non-public data to include knowing access or viewing of data, making such violations a misdemeanor and grounds for suspension or dismissal of public employees.

Mandates annual comprehensive security assessments of personal information maintained by government entities and requires notification to affected individuals in the most expedient time possible following discovery of data breaches.

Makes public the names of law enforcement agencies submitting data to the CIBRS database and general descriptions of the types of data submitted, while maintaining confidentiality of the data itself during active investigations.