MN HF4084

Secretary of state may retain two percent of statutory fees collected to maintain and enhance information technology systems and cybersecurity, deposited in a special revenue fund.

Statewide voter registration system must require multifactor authentication for all users and be accessible only to county auditors who complete required training.

Voting system vendors must provide source code to secretary of state and submit to cybersecurity assessments by independent third-party evaluators to identify security vulnerabilities.

Vendors must notify secretary of state within three calendar days of discovering possible cybersecurity or information security incidents, and local election officials must immediately notify secretary of state of incidents impacting election data or systems.

Secretary of state must conduct security expert assessment of data exchange partnerships with counties, cities, Department of Public Safety, Social Security Administration, and State Court Administrator's Office.