Minnesota’s new comprehensive privacy law that took effect Thursday, July 31, includes several unique and uncommon requirements, such as requiring companies to allow consumers to question their automated decisions. But many of the law’s stipulations are already considered best practices.
Zachary Klein, an attorney in the Privacy, Technology + Data Security Practice Group at Davis+Gilbert, was extensively quoted in Privacy Daily discussing Minnesota’s new comprehensive privacy law.
“There are a few unusual requirements that are new in this law that you don’t see in some of the other comprehensive privacy laws,” Zachary explained. However, “a lot of these requirements are things companies should be doing anyway. Still, for some businesses, Minnesota’s law could be a ‘wake-up call.’”
Among these requirements, some will prove particularly challenging to implement.
“A big compliance challenge, especially for a smaller company, will be Minnesota’s requirements to document compliance procedures and conduct a data inventory. Unlike most other states, Minnesota codifies that companies must have policies on purpose limitation, data minimization and data retention. And by requiring businesses to include the name and contact info of a top privacy compliance official, the state effectively requires companies to have chief privacy officers (CPOs),” Zachary said. “These are things they are going to subpoena in the event of an investigation.”
For more information about the Minnesota Consumer Data Privacy Act, read the full article below.