MINNESOTA
GOVERNMENT DATA
PRACTICES ACT
How the law affects University employees
and recordkeeping
Susan McKinney
Records & Information Management
WHAT IS THE MGDPA?
The Minnesota Government Data Practices Act,
Minnesota Statutes Chapter 13, regulates the
handling of all government data that are
created, collected, received, maintained or
disseminated by a government agency.
WHAT IS DATA?
Government data means all data collected,
created, received, maintained or
disseminated by any state agency, political
subdivision or statewide system regardless of
its physical form, storage media or conditions
of use.
M.S. 13.02, subd. 7
WHAT DOES THIS MEAN?
Information can take many formats, and
includes:
 Electronic Mail
 Desk Notes
 Correspondence
 Photographs
 Any information on electronic media
 Any information maintained in paper format
ACCESS TO DATA
M.S. 13.03
Subdivision 1. Public data.
All government data collected, created,
received, maintained or disseminated by a
government entity shall be public unless
classified by statute, or temporary
classification pursuant to section 13.06, or
federal law, as nonpublic or protected
nonpublic, or with respect to data on
individuals, as private or confidential.
UNIVERSITY POLICIES
GOVERNING ACCESS TO DATA
 Internal Access to University Information
 Public Access to University Information
 Managing University Records and Information
CLASSIFICATION OF DATA
Government Data is classified into the following
categories:
 PUBLIC DATA
 PRIVATE DATA
 CONFIDENTIAL DATA
EXAMPLES OF PUBLIC DATA
 Course Offerings
 Budgets
 Salaries
 Invoices
 Student Directory Information as defined by
BOR Policy, if not supressed.
 Expense reimbursements
 Employee ID number
EXAMPLES OF PRIVATE
DATA
 Social Security Number
 Employee Home Address
 Parking Leases
 Student Grades
 Attorney-Client Information
 Electronic Access Data
 PHI
COMPUTER DATA
 Rely on content of data to determine privacy
of the information
 Majority of information stored in electronic
form is public.
 Web Sites that collect data about individuals,
including cookies, must provide a notice to
users explaining how the data will be used
and how it may be disseminated.
SOCIAL MEDIA
 Facebook, MySpace, Plaxo, LinkedIn, etc.
 Blogs
 Instant Messaging/On-line Chat
 Smart Phones
 Text Messages
 Twitter
 Guidelines for Use of Smart Phones
E-MAIL
 Considered a University record.
 Considered public unless contains
information made private by law.
 Subject of the information almost always has
the right to see the data.
 Important to maintain professionalism when
sending and responding to emails.
 Ownership of the computer system does not
matter
RETENTION OF EMAIL
RECORDS
 Much email can be destroyed once the
administrative purpose is completed.
 Examples of emails that should be deleted:





Transitory or routine messages
Telephone messages
Meeting notices
Duplicate messages send as information only
Routine announcements or information
RETENTION OF EMAIL
MESSAGES
 Examples of Email messages that should be kept
through the retention period:
 Email that sets or communicates policy or
procedure
 Email that communicates who, what, why, when,
where and how a transaction or decision was
made
 Email that documents personnel or employment
decisions, or monitors personnel behavior,
consultation or progress
 Email that documents changes in terms or
condition of contracts, grants, projects or services
DESTRUCTION OF
UNIVERSITY RECORDS
 Hard copy records can be destroyed using either
recycling, confidential recycling or shredding
 Records containing social security numbers, credit
card numbers or private health data must be
shredded.
 Records containing other private data may use the
University’s confidential recycling service
 Public records may be recycled
 Desktop electronic records and email can be sent to
the recycle bin – make sure to empty!
UM PRIVACY POLICIES






Internal Access to Information
Public Access to Information
Regent’s Policy on Student Records
OIT Data Security
Destruction of University Records
Policy on Access to, and Release of Student
Education Records
 Protection of Individual Health Information
HOW DOES THIS AFFECT ME?
 University Staff work with many different
pieces of information, both in hard copy and
electronic
 University Staff create records using various
media
 Much of that information is public.
 Some of that information may also be private.
 Destroy information based on the University’s
Records Retention Schedule.
HOW DOES THIS AFFECT ME?
 Be careful when creating information.
 Be careful how you use and share private
data.
 Remember why the Internet is called the
World Wide Web.
 Information may be requested by anyone,
and if it exists and is public, we have to give it
out.
MY COMPUTER
 As information has become automated, more
information exists in electronic form
 Many employees now use their home
computer or smartphone for University
business.
 The law does not delineate between whether
you are using personal or University owned
equipment.
 Laptop Security
RESOURCES
 OIT Security Information:
www.oit.umn.edu/security
 Records & Information Management:
http://recordsmgmt.umn.edu
 Office of General Counsel:
www.ogc.umn.edu
 Privacy and Data Security:
http://privacy.ahc.umn.edu
CONCLUSION
 The University is legally required to produce public





records when requested.
Although much of our information is public,
employees must also be concerned with the
protection of private data.
Information should be destroyed according to the
retention schedule.
Use common sense when creating information.
Sometimes a phone call is better.
Report privacy violations
If you are not sure, ask
Wrap Up