Skip to main content Skip to office menu Skip to footer
Minnesota Legislature
Skip Navigation Links > > >

Last reviewed October 2018

Minnesota Issues Resource Guides
Privacy

This guide is compiled by staff at the Minnesota Legislative Reference Library on a topic of interest to state legislators. It introduces the topic and points to sources for further research. It is not intended to be exhaustive.

Legislative History    Books and Reports    Articles    Internet Resources
Additional Library Resources   Federal Legislation

State policy makers face the fundamental question of how to strike a balance between the free flow of public information and the protection of personal information. Privacy advocates feel consumers should have the opportunity to choose how (or whether) their personal information is used by the businesses and government agencies with whom they have direct contact - or by third parties. Over the past decade, debate over license-plate readers, cell-phone tracking devices, REAL ID, identity theft, telecommunications, financial institutions' sharing of customer data, medical records privacy, government records, and telemarketing have been at the forefront.

In 2014, Minnesota lawmakers introduced dozens of bills aimed at addressing growing concerns over mass surveillance programs and personal data privacy. Some of the legislation reflected consumer protection efforts in response to the largest data breach on record. Rep. Mary Liz Holberg and Sen. Scott Dibble authored legislation creating the Legislative Commission on Data Practices and Personal Data Privacy (HF2120/SF2066*/CH193). The Commission's role is to study issues relating to government data practices and individuals’ personal data privacy rights, and to review legislation impacting data practices, data security, and personal data privacy. The only reform enacted in 2014 was chapter 278 (SF 2466) requiring law enforcement agencies to obtain a court order before using high-tech snooping devices such as Kingfish and Stingray, which track people's movements via their cellphones. The bill passed easily through both chambers.

2015 saw the controversial passage of requirements for the use of police-worn body cameras. In the end, Governor Dayton promised to sign the bill only if the provision allowing peace officers to review body camera recordings before writing their reports was removed. Another contentious issue involving privacy and police resulted in legislators approving a bill limiting the amount of data that can be gathered by automated license plate readers (APLRs). For much more on the discussion, see "New Law Puts Limits on License Plate Readers" from the House Public Information Office.

Legislative discussions in 2016 centered around two areas of data privacy. The Uniform Fiduciary Access to Digital Assets Act was originally drafted by the Uniform Law Commission, and then introduced as HF200 /SF476. Under it, a designated fiduciary would be able to gain access to the digital account records of deceased or incapacitated persons, in most cases. The language was eventually added to HF1372, a bill that made changes to Minnesota probate code and various other provisions and became law as chapter 135.

Minnesota lawmakers repealed a 2009 prohibition in 2016 that prevented state agencies from planning how to comply with the 2005 federal law related to Real ID (HF1732/ SF1646*). However legislators could not come to a resolution on how to bring the state's licenses into compliance with the federal Real ID law. At the time, Minnesotans could not use their driver's licenses to access federal facilities, such as nuclear plants and military bases. Concerns over whether Minnesotans would be allowed to board commercial flights using their existing Minnesota drivers' licenses were alleviated when that restriction was delayed until 2018. Conferees on HF3959/SF3589* had agreed to the Senate’s preferred implementation timeline of January 2018, but in the final days of session could not come to agreement on House language that would specifically prohibit undocumented immigrants from obtaining a Minnesota driver’s license. For more background see "House, Senate Versions of Real ID Bill Likely Headed to Conference", from the House Public Information Office, May 17, 2016.

In 2017 Minnesota lawmakers adopted compliance legislation for implementation of Federal REAL ID requirements. The 2017 Jobs and economic development bill, chapter 94 (HF1620SF1456*) involved discussion on whether to include an amendment that would require internet service providers (ISP) who use equipment subject to a franchise agreement, right of way agreement or other contract with the State of Minnesota or local unit of government, to obtain a consumer's explicit consent before selling or sharing Web browsing data and other private information with advertisers and other companies. Rep. Paul Thissen offered the amendment on the heels of action by the U.S. Congress to eliminate broadband privacy rules that would have required ISPs to get consumers' such explicit consent. The amendment was ultimately excluded. 

Governor Dayton signed a bill on May 31 establishing requirements for the use of police-worn body cameras (Chapter 171, SF 498). This robust new law helps cities understand how to handle the immense amount of data that comes from body camera recordings.

The effective date is Aug. 1, 2016.

The passage of this bill wasn't without controversy. One of the controversial provisions that did not make it into law required that peace officers be allowed to review body camera recordings before writing their reports. The conference committee removed this language based on Governor Dayton's promise to sign this bill into law if it were removed.

- See more at: http://www.lmc.org/page/1/BodyCamLegislationUpdate.jsp#sthash.uEq2QgcG.dpuf

Governor Dayton signed a bill on May 31 establishing requirements for the use of police-worn body cameras (Chapter 171, SF 498). This robust new law helps cities understand how to handle the immense amount of data that comes from body camera recordings.

The effective date is Aug. 1, 2016.

The passage of this bill wasn't without controversy. One of the controversial provisions that did not make it into law required that peace officers be allowed to review body camera recordings before writing their reports. The conference committee removed this language based on Governor Dayton's promise to sign this bill into law if it were removed.

- See more at: http://www.lmc.org/page/1/BodyCamLegislationUpdate.jsp#sthash.uEq2QgcG.dpuf

A selection of reports and resources that explore the many facets of privacy concerns in Minnesota are presented below.

Legislative History

Minnesota Government Data Practices - Minnesota Statutes, chapters 13, 13A, 13B, 13C [See Laws of Minnesota 1979, chapter 328, section 1, Laws of Minnesota 1974, chapter 479 and Privacy of Communications Act: Laws of Minnesota 1969, chapter 953.]

Recent Session Laws

Laws of Minnesota 2014, chapter 278, section 2 - Government Access to Electronic Device Location Information (SF2466*/HF2288)

Laws of Minnesota 2014, chapter 193 - Legislative Commission on Data Practices and Personal Data Privacy (SF2066*/HF2120)

Laws of Minnesota 2015, chapter 171 - Police-worn Body Cameras (SF498*/HF430)

Laws of Minnesota 2015, chapter 67 - Automated License Plate Readers (HF222/SF86*)

Laws of Minnesota 2016, chapter 135 - Revised Uniform Fiduciary Access to Digital Assets Act (HF1372, Art. 2, Sec. 2-20/SF1196)

Laws of Minnesota 2016, chapter 83 - REAL ID Act Plan for Implementation (HF1732/SF1646*)

Laws of Minnesota 2016, chapter 126 - Dissemination of private sexual images: Revenge Porn (HF2741/SF2713*)

Laws of Minnesota 2017, chapter 76 - Compliance with Federal REAL ID Act Requirements (HF3*/SF166

Laws of Minnesota 2017, chapter 83 - Prohibits the use of ignition interlock devices enabled with location tracking (HF179*/SF347)

Laws of Minnesota 2018, chapter 140 - Agricultural research data collection classification (HF2982*/SF2550)

Laws of Minnesota 2018, chapter 152 - The state will count birth defects in stillborn babies when tabulating birth defects under existing state law. Requires the Department of Health to inform parents of a child with birth defects of “the privacy implications” of the department maintaining records about their child. (HF3689*/SF2662)

Laws of Minnesota 2018, chapter 158 - Protecting children from identity theft (HF1243*/SF1811)

Significant Books and Reports

Cleveland, Emily. Genetic Privacy Law and the Bearder Case. St. Paul: Research Department, Minnesota House of Representatives, 2013. (KFM5862.5.P8 C54 2013)

Gehring, Matt. Criminal Background Checks: An Overview of Minnesota Law. St. Paul: Research Dept., Minnesota House of Representatives, Updated February 2014. (HF5549.5.E429 M45 2014)

Gehring, Matt. Minnesota Government Data Practices Act: A Data Privacy Overview. St. Paul: Research Dept., Minnesota House of Representatives, Updated 2010. (KFM5862.6.A25 M35 2010)

Genetic Information in Minnesota: A Report to the Minnesota Legislature. St. Paul: Minnesota Dept. of Administration, 2009. (KFM5862.5.P8 M56 2009)

Guarding your Privacy: Tips to Prevent Identity Theft. St. Paul: Minnesota Attorney General, 2015. (HV6679.G83 2015)

Igo, Sarah E. The Known Citizen: A History of Privacy in Modern America. Cambridge, MA: Harvard University Press, 2018.

A Legal Guide to Privacy and Data Security. St. Paul: Minnesota Department of Employment and Economic Development and Gray Plant Mooty, 2016. (KF1262.L43 2016)

Mullen, Mary. The Internet and Public Policy: Challenges and Policy Considerations for State Regulation. St. Paul: Research Dept., Minnesota House of Representatives, 2018. (KF390.5.C6 M85 2018)

Mullen, Mary. The Internet and Public Policy: Privacy and Consumer Protection. St. Paul: Research Dept., Minnesota House of Representatives, 2018. (KF390.5.C6 M854 2018)

Planning for Implementation of the REAL ID Act: Report to the Legislature. St. Paul: Minnesota Department of Public Safety, April 14, 2016. (KFM5697.6 P53 2016)

Request to Classify Data Obtained by the use of Automatic License Plate Readers as "Not Public Data" — Findings of Fact and Conclusions. St. Paul: Minnesota Dept. of Administration, 2013. (KFM5862.5.P8 A52 2013)

Schneier, Bruce. Data and Goliath: the Hidden Battles to collect Your Data and Control your World. New York, N.Y.: W.W. Norton & Company, 2015. (HM846.S362 2015)

Smith, Robert Ellis. Compilation of State and Federal Privacy Laws. Providence, RI: Privacy Journal, 2018 suppl. (REF KF1262.A29 C66 2018).

You Are Being Tracked: How License Plate Readers Are Being Used To Record Americans' Movements. New York, NY: American Civil Liberties Union, 2013. (TK7882.E2 Y68 2013)

Significant Articles

(articles in reverse chronological order)

Davis, Jon. "Keeping Private Data Secure: Midwestern States Among the Vanguard When it Comes to Laws and Measures to Secure Residents' Private Electronic Information." Stateline Midwest, October 2018, p. 1, 6-7. 

Liptak, Adam. "In Ruling on Cellphone Location Data, Supreme Court Makes Statement on Digital Privacy." New York Times, June 22, 2018.

Castillo, Olivia. "Is Privacy Still Possible? The Fourth Amendment in an Age of (Digital) Surveillance." Criminal Justice, Spring 2018, p. 8-13.

Robbins, Joshua M. and Adam Sechooler. "Once More Unto the Breach: What the Equifax and Uber Data Breaches Reveal About the Intersection of Information Security and the Enforcement of Securities LawsCriminal Justice, Spring 2018, p. 4-7.

Kennerly, Ellen. "Privacy and the Internet: Can Massive Data Breaches be Stopped?" CQ Researcher, February 9, 2018, entire issue.

Harper, Jim. "The New National ID Systems." Policy Analysis, Cato Institute, January 30, 2018, entire issue. 

"Broadband Privacy: Protecting Personal Information in the Digital Age." Congressional Digest, May 2017, entire issue.

Mantel, Barbara. "High-Tech Policing: are new Surveillance Technologies Effective and Legal?" CQ Researcher, Vol. 27, No. 15, April 21, 2017, entire issue.

Callaghan, Peter. "Why a Simple Question About Body Cameras has Become Deal-breaker for Some Police Reform Advocates in St. Paul." MinnPost, November 14, 2016.

Fifield, Jen. "Data, Drones and Apps: States Debate Privacy Protections as Technology Speeds Ahead." Stateline Legislative Review, July, 2016.

"Domestic Drones: Balancing Privacy and Safety with Innovation and Opportunity." Congressional Digest, June 2016, entire issue.

Peralta, Eyder. "U.S. Announces New 'Ground Rules' for use of Commercial Drones." National Pubic Radio, June 21, 2016. (Article includes a link to the first Federal operational rules to govern the commercial use of drones issued Tuesday, June 21, 2016.)

Glazer, Sarah. "Privacy and the Internet: Should American's have the "Right to right to be Forgotten”?" CQ Researcher, Vol. 25, Issue 43, Dec. 4, 2015. 

Bierschbach, Briana. "Privacy, Please: Legislators, Cops and Agencies Wrestle Over Data Protection." MinnPost, April 25, 2014.

Newman, Nathan. "The Costs of Lost Privacy: Consumer Harm and Rising Economic Inequality in the Age of Google." William Mitchell Law Review, Vol.40 No.2, 2014.

"Riley v. California". Supreme Court of the United States, Decision No. 13-132. Argued April 29, 2014 - Decided June 25, 2014. (In a landmark decision the Supreme Court has ruled that before police can search for information on an arrestee's cell phone they must secure a warrant.)

Taylor, Stuart Jr. "The Big Snoop: Life, Liberty, and the Pursuit of Terrorists." The Brookings Institute Essay, April 29, 2014.

"Warrentless GPS Tracking: Applying the Fourth Amendment to New Technology." Supreme Court Debates, January 2012, entire issue.

Roberds, William and Schreft, Stacey L. "Data Security, Privacy, and Identity Theft: The Economics Behind the Policy Debates". Federal Reserve Bank of Chicago - Economic Perspectives, First Quarter 2009, p. 22-30.

Weissman, Gary A. and Gemberling, Donald A. "Access to Court Records in Minnesota." Bench and Bar, April 2008, p. 29, 31.

Significant Internet Resources

Commerce and Economic Development: The Internet - Minnesota House Research subtopic area with a focus on privacy.

Data Privacy - Minnesota House Research Department topic area.

Federal Trade Commission (FTC), Bureau of Consumer Protection - Legal and compliance resources related to Privacy and Security. See also their Privacy, Identity & Online Security page.

Information Policy Analysis Division - This division of the Minnesota Department of Administration provides technical assistance and consultation to individuals, government entities, businesses, and associations on Minnesota's data practices act (Minnesota Statutes, chapter 13), the Open Meeting Law (Minnesota Statutes, chapter 13D), and other information policy laws.

Legislative Commission on Data Practices - 2014 legislation created the Commission to study issues relating to government data practices and individuals’ personal data privacy rights. Here is the Library's informational record on the Legislative Commission on Data Practices.

Minnesota Attorney General's Office - The office "fights for stronger privacy protection on three main fronts- law enforcement, legislative advocacy, and public education." See their topic area for Identity Theft & Computers.

Privacy and Security - A National Conference of State Legislatures (NCSL) website with links to state laws, task forces, and policies. See also State Laws Related to Internet Privacy (March 2018) and Privacy Legislation Related to Internet Service Providers (December 2017). To learn more about state drone (or UAS) laws, see Taking Off: State Unmanned Aircraft Systems (Drones) Policies (June 2016).

National Security Agency (NSA)/Central Security Service (CSS) - Information and background on these two federal privacy-related agencies.

Privacy Rights Clearinghouse - A nonprofit consumer information and advocacy group that offers consumers in-depth information on a variety of privacy issues, including useful consumer guides.

U.S. Department Health and Human Services - Office for Civil Rights - HIPAA - Health Insurance Portability and Accountability Act and medical privacy.

Additional Library Resources

For historical information, check the following codes in the Newspaper Clipping File and the Vertical File: P150 (Privacy), R40 (Records & Record Management), M7 (Mailing Lists)

For additional reports at the Legislative Reference Library, use these Library catalog searches:
Data Protection; Identity Theft; Electronic Privacy.

Federal Legislation Highlights

1966 - The Freedom of Information Act (5 U.S.C. § 552) - Gives any person the right to request access to federal agency records or information. The Act defines agency records subject to disclosure, outlines mandatory disclosure procedures and grants nine exemptions to the statute.

1970 - Fair Credit Reporting Act (15 U.S.C. §§ 1681 et seq.) - Governs certain kinds of financial and other personal information included within the definition of a "consumer report."

1974 - The Privacy Act (5 U.S.C. § 552a) - Establishes certain controls over what personal information is collected by the federal government and how it is used. The act guarantees three primary rights: (1) the right to see records about oneself, subject to the Privacy Act's exemptions; (2) the right to amend that record if it is inaccurate, irrelevant, untimely, or incomplete; and (3) the right to sue the government for violations of the statute, including permitting others to see your records, unless specifically permitted by the act.

1976 - Government in the Sunshine Act (5 U.S.C. § 552b) - Presumptively opens the policymaking deliberations of collegially headed Federal agencies - such as boards, commission, or councils - to public scrutiny. Pursuant to the statute, agencies are required to publish advance notice of impending meetings and make those meetings publicly accessible.

1978 - Foreign Intelligence Surveillance Act (50 U.S.C. Chapter 36) - Designed to regulate foreign intelligence gathering. FISA was initially limited to electronic eavesdropping and wiretapping. In 1994 it was amended to permit covert physical entries in connection with "security" investigations, and in1998, it was amended to permit pen/trap orders. FISA can also be used to obtain some business records.

1986 - Electronic Communications Privacy Act (18 U.S.C. § 2511, aka Wiretap Act) - Extends the coverage of Title III to new forms of voice, data and video communications including cellular phones, electronic mail, computer transmissions, and voice and display pagers.

Enacted as Title II of the ECPA, the Stored Communications Act (18 U.S.C. Chapter 121 §§ 2701–2712) - Addresses voluntary and compelled disclosure of "stored wire and electronic communications and transactional records" held by third-party internet service providers (ISPs).

1994 - Driver's Privacy Protection Act (18 U.S.C. § 2721) - Creates a baseline standard of privacy protection for state DMV records.

1996 - Health Insurance Portability and Accountability Act (Public Law 104-191) - Creates new restrictions on electronic health care data.

1998 - Identity Theft and Assumption Deterrence Act (18 U.S.C. Chapter 47) - Prohibits knowingly transferring or using, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.

1998 - Children's Online Privacy Protection Act (15 U.S.C. § 6501) - Commercial websites designed for children must now obtain "verifiable parental consent" before collecting, using, or disclosing personal information from all children under 13.

1999 - Gramm, Leach, Bliley Financial Services Modernization Act (15 U.S.C. Chapter 94) - Requires all financial services firms to provide annual notices about their data-use policies to all their customers, and also to provide mechanisms for customers to "opt out" — to decide that they no longer want information about them to be used in certain ways.

2001 - USA Patriot Act (Public Law No: 107-56) - After the 911 terrorist attacks, the act updated surveillance laws to reflect the digital world and expands surveillance powers of law enforcement and intelligence gathering agencies. Many provisions in the act were set to expire in 2005. The USA Patriot Act was reauthorized by the USA PATRIOT and Terrorism Prevention Reauthorization Act of 2005 (Public Law No: 109-177) and USA PATRIOT Act Additional Reauthorizing Amendments Act of 2006 (Public Law No: 109-178).

2008 - FISA Amendments Act of 2008 (H.R.6304, Public Law No: 110-261) - Expands FISA to allow warrantless surveillance, establishing a procedure for authorizing certain acquisitions of foreign intelligence.

2015 - USA Freedom Act (H.R. 2048Public Law No. 114–23) - Extends parts of the Patriot Act and ends bulk collection of phone data.