Can I prioritize privacy compliance to gain a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in Minnesota? What are the requirements?
Prioritizing Privacy Compliance in Minnesota
Yes, prioritizing privacy compliance can provide a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in Minnesota.
Requirements for Privacy Compliance
To comply with privacy regulations in Minnesota, entities must follow the applicable state and federal laws. For example, MNsure requires navigators, in-person assisters, certified application counselors, or insurance producers to annually attest that their data security and privacy practices are compliant with the applicable federal and state laws and supportive of MNsure data security and privacy practices [1.1]. MNvest issuers and portal operators must take reasonable steps to ensure that purchasers’ financial and personal information is properly secured, including having a written cybersecurity policy that outlines their policies and procedures for preventing cybersecurity attacks and data breaches, responding to such incidents, and demonstrating implementation of the policy [3.2].
Entities must also establish written procedures to assure that access to confidential data is granted only to individuals within the entity whose work assignments reasonably require access and to entities and agencies who are authorized by statute or federal law to gain access to that specific data [4.1]. The responsible authority must determine for each type of record, file, or process whether the data contained therein was collected prior to, on, or subsequent to August 1, 1975, and review the legal enabling authority which mandates or necessitates the collection of the data [4.2].
To authorize a new purpose for the collection of private or confidential data or a new use for such data, the responsible authority must comply with the provisions of Minnesota Statutes, section 13.05, subdivision 4, clause (a), (c), or (d), which include filing a statement in a form prescribed by the commissioner, obtaining informed consent from the data subject, or complying with subsequent passage of federal or state legislation requiring initiation of a new or different purpose or use [4.3].
MNsure is also subject to all provisions of chapter 13 of the Minnesota Government Data Practices Act, and the data collected, created, or maintained by MNsure are classified as private data on individuals or nonpublic data [5.1].
Additional Requirements
In addition to the above requirements, businesses in Minnesota must also comply with the following data privacy and record-keeping requirements:
- Financial statements, business plans, income and expense projections, customer lists, and market and feasibility studies not paid for with public funds submitted to the office by businesses are private data on individuals or nonpublic data [2.1].
- Investment advisers registered or required to be registered under the Minnesota Securities Act must make and keep true, accurate, and current books, ledgers, and records, including written procedures to supervise the activities of employees and investment adviser representatives that are reasonably designed to achieve compliance with applicable securities laws and regulations [3.1].
- Any person who indicates that they are a “financial planner,” “financial counselor,” “financial adviser,” “investment counselor,” “estate planner,” “investment adviser,” “financial consultant,” or any other similar designation or title or combination thereof, is considered to be representing themselves to be engaged in the business of financial planning. Such persons must provide a disclosure document to the client that contains information about their compensation, identification of companies and/or affiliates that supply products or services offered or sold by the person, licenses held by the person, and the specific identity of any financial products or services, by category, that the person is authorized to offer or sell [3.3].
Conclusion
Prioritizing privacy compliance can provide a competitive advantage, reduce the possibility of regulatory issues, and help secure valuable partnerships in Minnesota. To comply with privacy regulations, entities must follow the applicable state and federal laws, establish written procedures, and obtain informed consent when authorizing new purposes for the collection of private or confidential data. Additionally, businesses in Minnesota must comply with data privacy and record-keeping requirements related to financial statements, investment advisers, and financial planning.
Source(s):
- [1.1] PRIVACY AND SECURITY.
- [2.1] DATA PRIVACY.
- [3.1] RECORD-KEEPING REQUIREMENTS.
- [3.2] PROTECTION OF PURCHASER INFORMATION.
- [3.3] REGULATION OF BUSINESS OF FINANCIAL PLANNING.
- [4.1] ACCESS TO CONFIDENTIAL DATA.
- [4.2] DUTIES OF THE RESPONSIBLE AUTHORITY IN ADMINISTERING PRIVATE AND CONFIDENTIAL DATA.
- [4.3] AUTHORIZING NEW PURPOSES FOR DATA COLLECTION.
- [5.1] DATA PRACTICES.
Jurisdiction
Minnesota