Information about individual people is classified by law as public, private, or confidential. A list of the private and confidential information maintained by the City is contained in Appendix A. The forms used to collect private and confidential information are referenced throughout the data practices procedures pages.
People entitled to access
Public information about an individual may be shown or given to anyone.
Private information about an individual may be shown or given to:
-
The subject, but only once every six months, unless a dispute has arisen or additional data has been collected
-
A person who has been given access by the express written consent of the data subject. This consent must be on the consent to release private data form, or a form reasonably similar.
-
People who are authorized access by federal, state, or local law or court order.
-
People about whom the individual was advised at the time the data was collected. The identity of those people must be part of the Tennessen warning described below.
-
People within the city staff, the city council, and outside agents (such as attorneys) whose work assignments or responsibilities reasonably require access.
Confidential information may not be given to the subject of the data, but may be shown or given to:
-
People who are authorized access by federal, state, or local law or court order.
-
People within the city staff, the city council, and outside agents (such as attorneys) whose work assignments or responsibilities reasonably require access.
Form of request and response
Any individual may request, which must be in writing, on a form supplied by the City, whether the city has stored data about that individual and whether the data is classified as public, private, or confidential.
All requests to see or copy private or confidential information must be in writing. An information disclosure request form, must be completed to document who requests and who receives this information. The responsible authority or designee must complete the relevant portions of the form. The responsible authority or designee may waive the use of this form if there is other documentation of the requesting party’s identity, the information requested, and the city’s response.
-
The city is not required to provide information verbally over the telephone.
-
The city may provide information by fax or e-mail, at its own discretion.
-
The city is not required to provide information in any specific format, except that if the data is maintained in electronic format and is requested to be electronic format, then it must be provided in that medium. This does not mean that the city will provide the data in an electronic format or program that is different from what the city has.
-
Requests for names and addresses of residents must be made in person or in writing.
Identification of requesting party: The responsible authority or designee must verify the identity of the requesting party as a person entitled to access. This can be through personal knowledge, presentation of written identification, comparison of the data subject’s signature on a consent form with the person’s signature in city records, or other reasonable means.
Time limits: Requests will be received and processed only during normal business hours. The response must be immediate, if possible, or within 10 days (excluding Saturdays, Sundays and legal holidays) if an immediate response is not possible.
Summary data: Summary data is statistical records and reports derived from data on individuals but which does not identify an individual by name or any other characteristic that could uniquely identify an individual. Summary data derived from private or confidential data is public. The responsible authority or designee will prepare summary data upon request, if the request is in writing and the requesting party pays for the cost of preparation. The responsible authority or designee must notify the requesting party about the estimated costs and collect those costs before preparing or supplying the summary data. This should be done within 10 days after receiving the request. If the summary data cannot be prepared within 10 days, the responsible authority must notify the requester of the anticipated time schedule and the reasons for the delay.
Summary data may be prepared by “blacking out” personal identifiers, cutting out portions of the records that contain personal identifiers, programming computers to delete personal identifiers, or other reasonable means. The responsible authority may ask an outside agency or person to prepare the summary data if:
-
the specific purpose is given in writing,
-
the agency or person agrees not to disclose the private or confidential data, and
-
the responsible authority determines that access by this outside agency or person will not compromise the privacy of the private or confidential data.
Juvenile records
The following applies to private (not confidential) data about people under the age of 18.
Parental access: In addition to the people listed above who may have access to private data, a parent may have access to private information about a juvenile data subject. “Parent” means the parent or guardian of a juvenile data subject, or individual acting as a parent or guardian in the absence of a parent or guardian. The parent is presumed to have this right unless the responsible authority or designee has been given evidence that there is a state law, court order, or other legally binding document which prohibits this right.
Notice to juvenile: Before requesting private data from juveniles, city personnel must notify the juveniles that they may request that the information not be given to their parent(s). This notice should be the notice to persons under the age of 18 form.
Denial of parental access: The responsible authority or designee may deny parental access to private data when the juvenile requests this denial and the responsible authority or designee determines that withholding the data would be in the best interest of the juvenile. The request from the juvenile must be in writing stating the reasons for the request. In determining the best interest of the juvenile, the responsible authority or designee will consider:
-
Whether the juvenile is of sufficient age and maturity to explain the reasons and understand the consequences,
-
Whether denying access may protect the juvenile from physical or emotional harm,
-
Whether there is reasonable grounds to support the juvenile’s reasons, and
-
Whether the data concerns medical, dental, or other health services provided under Minnesota Statutes Sections 144.341 to 144.347. If so, the data may be released only if failure to inform the parent would seriously jeopardize the health of the minor. The city complies with all HIPPA requirements.
The responsible authority or designee may also deny parental access to health records without a request from the juvenile under Minnesota Statutes Section 144.335.