MN HF4270

Requires government entities to establish procedures that record all actions involving not public data, including creation, receipt, changes, access, sharing, and dissemination in a data audit trail.

Audit trails must document the date of action, identity of the person interacting with data, identity of sending entities for received data, and identity of receiving entities for shared or disseminated data.

Audit trail data must be classified the same as the underlying data being tracked.

Audit trails must be retained for at least ten years or until the underlying data is destroyed according to the government entity's approved records retention schedule, superseding section 138.17.

Effective August 1, 2023, and intended as general requirements that do not conflict with or supersede other specific audit trail requirements in state law.