Today, I listened to the Legislative Commission on Data Practices meeting. It felt a little broadband-adjacent at first but the more I listened, the more interested I became. At the root of the discussions is the recognition that the laws are often not keeping up with the technology. Here’s the agenda for the meeting:
- Approval of October 15, 2025, Minutes
- Modern data privacy best practices around data minimization, retention, and maintenance
- Current challenges with data retention
- Treatment of geolocation data
- Intersection of HIPAA/HITEC, the MN Health Records Act, and the MN Consumer Data Privacy Act
- ALPR and Body Camera reporting requirements
- Data privacy as it relates to the interplay of state and federal government
- Adjourn
I was least focused on data retention portion, but my ears perked up when someone noted that many of the policies in place were written in the 1980s. That’s back when the retained “while you were out” messages left on your desk for a missed call. That helps ground the further conversation to realize that the government is trying to manage privacy and “customer” expectations using technology from 2025 and rules from 1985. And even the legislators talk about having one set of expectations for their personal privacy while wanting to use personal data to improve government processes. It’s a delicate balance.
The discussion included mention of a proposed law on health apps and easier access for parents to help manage kids’ health records, rethinking access to geolocation with an eye toward people using reverse warrants to overzealously observe residents and learning about unintended uses of automated license plate readers.