Primary navigation

    Opinion Library

    To return to this list after selecting an opinion, click on the "View entire list" link above the opinion title.

    RSS feed

    Advisory Opinion 96-028

    July 11, 1996; Minnesota Department of Human Services

    7/11/1996 10:14:43 AM

    This is an opinion of the Commissioner of Administration issued pursuant to section 13.072 of Minnesota Statutes, Chapter 13 - the Minnesota Government Data Practices Act. It is based on the facts and information available to the Commissioner as described below.



    Facts and Procedural History:

    For purposes of simplification, the information presented by the citizen who requested this opinion and the response from the government entity with which the citizen disagrees are presented in summary form. Copies of the complete submissions are on file at the offices of PIPA and, with the exception of any data that are not public, are available for public access.

    On May 21, 1996, PIPA received a letter dated May 20, 1996, from K. In this letter, K requested that the Commissioner issue an advisory opinion regarding K's access to certain data maintained by the Minnesota Department of Human Services, hereinafter DHS. In an effort to clarify the issues described by K, Don Gemberling, Director of PIPA, contacted K in a letter dated May 30, 1996. Soon thereafter, K, by telephone, informed Mr. Gemberling that the issues, as clarified by PIPA, were satisfactory to K.

    In response to K's request, PIPA, on behalf of the Commissioner, wrote to Maria Gomez, Commissioner of DHS. The purposes of this letter, dated June 4, 1996, were to inform Ms. Gomez of K's request, to ask her or DHS' attorney to provide information or support for DHS' position, and to inform her of the date by which the Commissioner was required to issue this opinion. On June 12, 1996, PIPA received a letter dated June 12, 1996, from Ms. Gomez.

    A summary of the facts surrounding this matter is as follows. In K's request for an opinion, K stated that s/he had made a request to view data about which K is the subject. K also wished to have a data practices designee available for questions when K reviewed the data. K stated that DHS staff insisted that, in addition to a designee, a security guard be present during the data inspection. According to K, s/he was concerned about asking the designee questions concerning the data when asking those questions and receiving explanations would reveal private data to the security guard.

    K also stated that K had received [from DHS] an incomplete public document, i.e., copies of all the forms DHS uses to collect and maintain private or confidential data were not included with the public document. According to K, this rendered the public document unreadable.

    In response to the first issue raised by K in K's opinion request, Ms. Gomez stated:

    ...it is not a violation of the MGDPA for a security guard to merely be present while an individual reviews government data. The security guard's presence does not mean the security guard will have access to private government data. Moreover, the MGDPA requires the responsible authority to ensure the security and integrity of government data, as well as provide access to government data at reasonable times and places....Based on past dealings with K, DHS deemed it necessary to require the presence of a security guard in our offer to K to review government data. This policy is in keeping with DHS' duties under the data practices act and to provide a secure working environment for DHS staff.

    In response to the second issue raised by K, Ms. Gomez stated:

    DHS maintains a 76-page document which references the forms used to collect data....The 76-page document also contains the names of DHS divisions which maintain the various forms and designees who may assist an individual in explaining the contents of a form....In addition, DHS has found that directing individuals to DHS divisions for explanation, inspection or copies of individual forms referenced in the 76-page document is more convenient to our clients, more efficient use of staff resources and in compliance with the MGDPA. Therefore, DHS contends that the 76-page document complies with the requirements of the public document required pursuant to Minnesota Statutes, section 13.05.

    Ms. Gomez also stated, The 76-page document including all forms referenced in the document is more than 4500 pages with portions maintained at several DHS divisions.


    Issues:

    In K's request for an opinion, K asked the Commissioner to address the following issues:

    1. Is it a violation of Minnesota Statutes Chapter 13 when an individual is required to inspect private government data in the presence of another individual who is not entitled to gain access to the private data being inspected, but who has been instructed by the government entity to be present while the data are being inspected?

    2. Has the Department of Human Services complied with the requirements of Section 13.05, subdivision 1, if the public document made available by the Department refers to certain forms but does not include copies of those forms?


    Discussion:

    The first issue raised by K is whether her/his Chapter 13 rights will be violated if K is forced to inspect the data about her/him in the presence of a security guard. K argued that if s/he wished to discuss some of the data with her/his designee, the security guard would be privy to those data.

    Minnesota Statutes Chapter 13 and its implementing rules, Chapter 1205, provide certain rights to subjects of data. Pursuant to Section 13.04, subdivision 3, a data subject is entitled to inspect and receive copies of data of which s/he is the subject. In addition, the data subject, if s/he so desires, shall be informed of the content of those data. Section 13.05, subdivision 3, provides that the use and dissemination of private and confidential data on individuals shall be limited to that necessary for the administration and management of specific programs. Minnesota Rules Section 1205.0400, subpart 2, limits access to private data on individuals to the following: the subject of the data; individuals whose work assignments reasonably require such access; entities so authorized by statute or federal law; and entities or individuals given access by express written direction of the data subject.

    In addition to ensuring an individual's right to gain access to data about him/herself, a government entity is required, pursuant to Section 13.05, subdivision 5, to provide appropriate safeguards for all records containing data on individuals. DHS maintains that, in the present scenario, the security guard's presence is necessary to ensure the security of government data... DHS further asserted that the security guard's presence does not mean the security guard will have access to private government data.

    In this case, K's rights to have access to the private data about him/her must be balanced with DHS' obligation to protect the security of those data. It would seem K is correct in asserting that if K wishes to discuss the data with her/his designee, the security guard would then have access to the private data about K. However, if DHS staff believe the security of the data are threatened, or if DHS staff are not comfortable explaining the data to K in the absence of a security guard, then DHS is justified in finding some way to meet its obligation to Chapter 13 and to its staff.

    The Commissioner acknowledges that this is a difficult issue for both DHS and K. From K's perspective, K ought to be able to fully and effectively exercise his/her statutory rights to inspect private data and, if necessary, to have those data explained. (See Section 13.04, subdivision 3.) From DHS' perspective, DHS does have the statutory obligation to protect the security of its records containing government data. (See Section 13.05, subdivision 5, and also Minnesota Statutes Sections 15.17 and 138.17.) However, DHS bears the ultimate responsibility for finding some way to accommodate, if at all possible, these two clear obligations, which in this instance appear to be heavily in conflict.

    Possible ways for K and DHS to resolve this dilemma include the following: requiring K to inspect documents in the presence of a designee with a security guard posted outside the door; positioning a security guard in such a way that the guard could observe K's inspection of the data without being able to overhear any questions discussed by K and the designee; providing K with copies of the documents so that the physical integrity of the original data would not be an issue; and/or allowing K to inspect copies of the documents outside the presence of a security guard with telephone communication to a designee for any explanations that might be required. Undoubtedly, there are other possible ways for DHS and K to accommodate each other's interests. Given the obligations of Chapter 13 and other public information policy requirements, the responsibility rests on DHS, to, if at all possible, find a mutually acceptable solution. However, this will be possible only if K is willing to cooperate with DHS.

    The second issue raised by K is whether the public document referred to in Section 13.05, subdivision 1, must include certain forms. Section 13.05, subdivision 1, requires that government entities prepare and maintain a public document which contains the following information: name, title, and address of the responsible authority; and a description of each category of record, file, or process relating to private or confidential data on individuals maintained by the government entity. In addition, Section 13.05, subdivision 1, states, Forms used to collect private and confidential data shall be included in the public document.

    As stated by K, and acknowledged by Ms. Gomez, DHS' public document does not, as required by Section 13.05, subdivision 1, contain the forms used to collect private and confidential data. While the Commissioner (of Administration) agrees that 4400 plus forms is a significant number of forms, Chapter 13 states explicitly that those forms are to be included in the public document. Therefore, if those forms are not included in DHS' public document, then DHS is not in compliance with the requirements set forth in Section 13.05, subdivision 1.

    Opinion:


    Based on the correspondence in this matter, my opinion on the issues raised by K is as follows:


    1. In this situation, the individual data subject's right to gain access to data must be balanced with the Minnesota Department of Human Services' obligation to protect the security of those data. The responsibility to determine a proper balance rests with DHS but the data subject must also be willing to cooperate.

    2. By not including, in its public document of data categories, copies of the forms used to collect private and confidential data, DHS has not complied with the requirements of Section 13.05, subdivision 1.

    Signed:

    Elaine S. Hansen
    Commissioner

    Dated: July 11, 1996


    Policies and Procedures

    Inspection

    Data subjects

    Public document/annual report (13.05, subd. 1 and 1205.1200)

    Security safeguards (13.05, subd. 5)

    back to top