Gov. Mark Dayton on Wednesday signed into a law a bill that would make public contracts by private companies who enter into projects with the government under state open records laws, but nixed a portion ordering a study of how well state agencies protect citizens’ personal data.
Known as the “Timberjay bill,” the law requires all government contracts include notice that the requirements of the Minnesota Data Practices Act to private businesses, even when the notice is not included in the contract. The bill passed unanimously in both chambers and was in response to an open records battle closely watched by freedom of information advocates.
The bill excludes health plan companies, managed care organizations, county-based purchasing plans and others from the notice requirement until June 30, 2015.The bill also clarifies how the Department of Public Safety must sell driver’s license and motor vehicle records, establishing a bulk rate fee.
Dayton vetoed a portion of the bill that would fund a study by the office of the Legislative Auditor to study how secure state systems are at securing and transmitting data—including citizens’ personal information.
“It is not fiscally responsible to appropriate an outgoing amount of money without articulating the cost to perform the new duties outlined in the law,” Dayton wrote in a letter explaining his decision.
He added that was concerned money wasn’t appropriated to MN.IT Services, given that one of the primary duties of the state’s Information Technology department “is to identify and manage potential vulnerabilities in state systems before they are exploited by those who wish to gain access to sensitive state data.”
“I urge the Legislature to work with interested parties next session to ensure there is proper funding and oversight across state government for the protection of private data.”
Only two bills await Dayton's signature: Medical marijuana and regulation of online lottery sales.