Laserfiche WebLink
facts and results of the investigation. If the breach involves unauthorized access to or acquisition of <br />data by an employee, contractor, or agent of the government entity, the report must at minimum <br />include: <br /> <br />1. A description of the type of data that were accessed or acquired; <br />2. the number of individuals whose data was improperly accessed or acquired; <br />3. if there has been final disposition of disciplinary action for purposes of Minn. Stat. § 13.43, <br />the name of each employee determined to be responsible for the unauthorized access or <br />acquisition, unless the employee was performing duties under Minn. Stat. ch. 5B; <br />4. the final disposition of any disciplinary action taken against each employee in response. <br /> <br />Documentation <br />The city administrator or designee must document each reported breach, regardless of whether <br />notice is given. Documentation should be completed at the time of the initial report or as soon <br />thereafter as practical. <br /> <br />When appropriate, all documentation related to the breach and investigation shall be labeled and <br />maintained as not public pursuant to the applicable data privacy classification, including, but not <br />limited to, “security information” as defined by Minn. Stat. § 13.37. Subd. 1(a). The documentation <br />shall be retained in accordance with the applicable records retention policy. <br />