Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance

Can I ignore my obligations as a service provider with access to personal information in Minnesota? What are the requirements?

October 18, 2023

Based on the provided context documents, as a service provider with access to personal information in Minnesota, you cannot ignore your obligations. You are required to take reasonable steps to maintain the security and privacy of a consumer’s personally identifiable information ^[2.4]. Additionally, an Internet service provider shall disclose personally identifiable information concerning a consumer only in specific circumstances, such as pursuant to a court order or subpoena ^[2.1]^[2.2].

To disclose personally identifiable information, the Internet service provider must obtain the consumer’s authorization in writing or by electronic means. The request for authorization must reasonably describe the types of persons to whom personally identifiable information may be disclosed and the anticipated uses of the information. In order for an authorization to be effective, a contract between an Internet service provider and the consumer must state either that the authorization will be obtained by an affirmative act of the consumer or that failure of the consumer to object after the request has been made constitutes authorization of disclosure ^[2.2].

Regarding changes in service or provider, a local service provider must comply with Minnesota Statutes, section 237.66, with respect to changes in a customer’s local service provider ^[1.1].

In summary, as a service provider with access to personal information in Minnesota, you have obligations to maintain the security and privacy of consumer information and to disclose personally identifiable information only in specific circumstances. You also have obligations to provide certain basic services to all customers within your service area.

Source(s):

Jurisdiction

Minnesota

Privacy