The Legislative Commission on Cybersecurity met today. They started with a brainstorm on what they wanted to talk about in 2026. A hot topic was whether they extend (or maybe remove) the expiration date for the commission and talks about how to work with other commission that may have overlapping issues – such as the Data Practice Commission.

MNIT gave a presentation. There were lots of questions. I’ve highlighted the questions that I thought might be of interest to most readers. They are based on concern for folks who don’t have an email address or other digital tools/expertise and how will they be able to access some state and county services in the future.

More complete notes:

1. Approval of August 27, 2025, minutes
2. Member Discussion: 2026 session • AI, Cybersecurity, and Data Privacy bills

Topics of interest for 2026:

• Cyber security grants for cities and towns
• I agree with data privacy commission
• AI
• Advanced robotics
• China
• Data practices – we need info on state government – how do we use data practices grant – how do we determine what’s public and what’s not? What’s the rule for local gov on data retention?
• How can we use AI?
• What can we learn from cyber attack in St Paul? Seems like StP did a good job. Can we talk more about the role of the National Guard?
• Can we build a pilot with National Guard in rural counties and then cities?
• AI for MN cyber security to look for trends that humans won’t notice. I need an update from the Governor.
• What is the intersection with state and local cyber security initiatives? My people were aghast with use of National Guard.
• Can we draw from other experts?
• What’s our data retention plan?
• What’s the State employee cyber security training look like?
• Need to address extend expiration date for the cyber security commission
  Q – why do we need to extend – can we be indefinite?
  The date was there to try it out
  I’m on the commission for data practices too – these topics are not going away. there is overlap
  We could be a subcommittee
  It would be nice to be able to have closed door sessions
• We may overlap with data privacy and AI – and bills are likely to come up there
• Minor tweaks for consumer data privacy act
• Working on personal data safety
• Working on Daniel’s Law
• Some folks are working on labor data safety
• There is a provision in consumer data privacy – does allow for the public to try to correct online profiles
• We’re looking at laws related to data brokers
• Drafting on a bill to extend safety measures to judicial and legislative folks

3. MNIT Presentation (available online: https://www.lcc.mn.gov/lccs/Meetings/20251027/2025-10-27-MNIT-LCCS-Presentation)
   • Federal changes
   • LoginMN • 2026 Agency Planning Process

Questions:

• DEED – are they planning to use this with Paid Family Medical Leave program?
  Yes. There are smaller programs that are already using this. Employers will start to use it soon. The public will use it in January 2026.
• I’m worried about fraud. We’re worried about State folks making up clients or applying clients without their knowledge. Can we get this with DHS?
  There are plans.
• We test a range of tools and test as we progress with projects. How does that get managed?
  There is a policy and standard that requires new program to work with legacy – but we are trying to get rid of that legacy by June 2026.
• When we moved to fee-based approach – what will the cost be?
  Ranges from whole state model (in MN $795,000 post federal cuts) or entity level model, ($995-$17,000 based on entity capital) – but this has all changed. MN had 350 members before the fees. There is a state branch only statewide level too – $190,000.
  Looking an incident reporting – seems like local government is biggest cause.
• Related to migration to new tool – are there agencies that are excluded from the migration process is single credential set?
  Key answer is that we’re continuing to work on this with business partners.
  I think yes – but what about ID and authentication – what if there are users who don’t have the digital info they need such as an email address?
  There will be challenged like this – and we’re working with counties on how to handle that as we’ve done in the past?
  What if it’s only a state need -and they don’t have an email address?
  We work with business partner to understand needs of end users. LOGINMN handles the digital side of those offerings – but it doesn’t mean that you can’t do business in person. Like a fishing license. Hopefully the digital option will make real life lines shorter.
  Is this a matter of policy or statute that there will be a real life option?
  I don’t believe it’s a matter of statute. It’s not a MNIT policy. The policy aspect of LOGIN – is that if you need to authenticate, LOGIN is the one but we don’t deal with non-digital.

4. Future meeting topics and schedule Senate Members Senator Mark Koran Senator Eric Lucero Senator Melissa Wiklund Senator Tou Xiong

• Want to meet once more before session.
• We can poll for an agreeable time.
• Let me know if you have topics.