Ask Reggi Your Question Now
Can you summarize MNST 325E.61?
TRADE PRACTICES > DATA WAREHOUSES; NOTICE REQUIRED FOR CERTAIN DISCLOSURES.
Short Summary
This legal document, part of the Minnesota Statutes on Trade Regulations and Consumer Protection, requires any person or business conducting business in Minnesota and owning or licensing data containing personal information to disclose any breach of the security of the system to affected residents of the state. The disclosure must be made in a timely manner, without unreasonable delay, and consistent with law enforcement needs and measures to determine the scope of the breach and restore data integrity. If a person or business maintains data they do not own, they must notify the owner or licensee of any breach. The document defines ‘breach of the security of the system’ as the unauthorized acquisition of computerized data compromising the security, confidentiality, or integrity of personal information. It also specifies the definition of ‘personal information’ and provides methods for providing notice to affected individuals. The document does not apply to financial institutions and includes provisions for coordination with consumer reporting agencies. Any waiver of the provisions is void and unenforceable, and the attorney general is responsible for enforcement.
Whom does it apply to?
Any person or business that conducts business in Minnesota and owns or licenses data containing personal information
What does it govern?
Disclosure of personal information in the event of a security breach
What are exemptions?
Financial institutions as defined by United States Code, title 15, section 6809(3)
What are the Penalties?
Not specified
Jurisdiction
Minnesota