Citizen email addresses and phone numbers submitted to cities in order to receive city notifications and electronic publications are now private data.
(Published Jul 22, 2013)
As a result of a League-sponsored initiative passed by the 2013 Legislature, when an individual provides a city with a phone number or email address in order to receive notifications or periodic electronic publications, the contact information maintained by the city is now private data under the Minnesota Government Data Practices Act (MGDPA).
The new law, passed as part of the omnibus data practices bill (Chapter 82, section 1), went into effect on May 24, and applies to data collected, maintained, or received before, on, or after that date.
How does the new law work?
The new classification only applies to phone numbers, email addresses, and Internet user names, passwords “and any other similar data related to the individual’s online account or access procedures.” These types of data are classified as private data when they are “Collected, maintained, or received by a government entity for notification purposes or as part of a subscription list for an entity’s electronic periodic publications as requested by the individual . . .”
The law does not define “notification” nor does it define “electronic periodic publications.” However, the legislation was discussed at many public hearings, and was drafted with the assistance of the Information and Policy Analysis Division (IPAD) of the Department of Administration, which is charged with administering the MGDPA. Based on these hearings and input from IPAD, the League is able to offer the following general guidance. As always, specific questions on compliance with the MGDPA should be directed to your city attorney.
Notifications. Email addresses and phone numbers provided to receive notifications of a general nature not specifically directed at an individual will be classified as private data under the new law. For example, when individuals request a text message or email notifying them of a snow emergency, the contact information will be private. When individuals request a text message or email notifying them of school closures, road closures, or crime alerts, the contact information will be private. While IPAD has not formally issued opinions on this definition (see below), it is unlikely that a notice containing information specific to an individual (e.g., a notice that a water bill is past due) will be classified as private data under the new law.
Electronic periodic publications. This phrase is designed to cover information of a general nature that is sent out by a city on a periodic basis. If your city has a website that allows people to sign up to receive things such as quarterly newsletters, weekly crime statistics, or city council meeting minutes, the emails and phone numbers maintained by the city will be private data.
IPAD assisted the Legislature in drafting the bill, and will be releasing further guidance on how it will interpret the new language. The League will inform cities as soon as IPAD releases its guidance. IPAD’s guidance is not expected to differ substantially from the information in this article, however.
No Tennessen Warning required
Collection of this data is exempt from the Tennessen Warning. A “Tennessen Warning” is required to be given to citizens when an individual is asked to supply private or confidential data to a government entity (see Minnesota Statutes, section 13.04, subdivision 2). Because the submission of contact information for notifications and publications in this context is voluntary, the law makes clear that cities need not provide a Tennessen Warning when a citizen requests to receive notifications or electronic periodic publications.
Use of the contact information
A city’s use of the contact information is limited by the MGDPA. The law states that “data provided under [this section] may only be used for the specific purpose for which the individual provided the data.” In other words, if a citizen signs up to receive notification of snow emergencies, then the city may only send snow emergency notifications to that email address or phone number; it may not send a city newsletter or other “electronic periodic publication” to that individual.
Cities should take care to restrict the use of these email addresses and phone numbers to authorized purposes, and should make it clear to citizens what information they have signed up to receive.
Even without the new language limiting the use of the data, because the contact information is now classified as private data, cities are limited in how that data may be shared. Minnesota Statutes, section 13.05, subdivision 4 governs a government entity’s use of private data. Under Minnesota law, private data may only be accessed by:
If your city sends out notification emails on a listserv, it must take care to hide the email addresses of those on the listserv. For example, an email sent to a group of people that discloses the email addresses of all recipients would disclose private data and violate the MGDPA.
Contact IPAD for guidance
Any city that has a question about how to interpret this or any other provision of the MGDPA may contact IPAD for informal guidance, and may request an advisory opinion if a city is uncertain how to respond to a data practices request. If a city acts in compliance with an advisory opinion, it cannot be liable for any damages or penalties under the MGDPA, even if a court eventually finds that a city’s response violated the MGDPA.
* By posting you are agreeing to the LMC Comment Policy.