MN SF211

Requires individuals to receive notice of who has accessed their private data upon request, with exceptions for undercover law enforcement officers and active investigative data.

Mandates government entities establish security procedures ensuring non-public data is only accessible to employees whose work assignments require access and only for authorized purposes.

Requires government entities to prepare and publicly post investigation reports following data breaches involving unauthorized employee access, including data descriptions, number of affected individuals, employee names (after final disciplinary disposition), and disciplinary outcomes.

Expands the definition of unauthorized access to include accessing data for purposes not described in required procedures, regardless of work assignment.

Makes knowing unauthorized acquisition of non-public data a misdemeanor and clarifies that willful violations by public employees constitute just cause for suspension without pay or dismissal.