Laserfiche WebLink
facts and results of the investigation. If the breach involves unauthorized access to or acquisition of <br /> data by an employee, contractor, or agent of the government entity, the report must at minimum <br /> include: <br /> 1. A description of the type of data that were accessed or acquired; <br /> 2. the number of individuals whose data was improperly accessed or acquired; <br /> 3. if there has been final disposition of disciplinary action for purposes of Minn. Stat. § 13.43, <br /> the name of each employee determined to be responsible for the unauthorized access or <br /> acquisition, unless the employee was performing duties under Minn. Stat. ch. 5B; <br /> 4. the final disposition of any disciplinary action taken against each employee in response. <br /> Documentation <br /> The city administrator or designee must document each reported breach,regardless of whether <br /> notice is given. Documentation should be completed at the time of the initial report or as soon <br /> thereafter as practical. <br /> When appropriate, all documentation related to the breach and investigation shall be labeled and <br /> maintained as not public pursuant to the applicable data privacy classification,including,but not <br /> limited to, "security information" as defined by Minn. Stat. § 13.37. Subd. 1(a). The documentation <br /> shall be retained in accordance with the applicable records retention policy. <br />