MN SF4239

Requires government entities' responsible authorities to establish procedures that record all actions involving not public data, including creation, receipt, changes, access, sharing, and dissemination in a data audit trail.

Mandates audit trails must record the date of action, identity of person interacting with data, identity of sending entity for received data, and identity of receiving entity or person for shared or disseminated data.

Classifies audit trail data with the same classification as the underlying data being tracked.

Requires audit trails be retained for a minimum of 10 years or until the underlying data is destroyed per the government entity's approved records retention schedule, notwithstanding section 138.17.

Becomes effective August 1, 2023, and is intended as general requirements that do not supersede or conflict with other particular audit trail requirements in state law.