Printed on: 12/01/2022. Please go to policy.umn.edu for the most current version of the document.

Administrative Policy

Public Access to University Information

Questions?

Policy Statement

Individuals requesting public information will be provided access to all public information in accordance with Minnesota's Public Records Law, the Minnesota Government Data Practices Act (MGDPA), Chapter 13 of the Minnesota Statutes. The MGDPA applies to all government data that is "collected, created, received, disseminated or maintained by the University, regardless of physical form, storage media or conditions of use." This includes all University work-related information produced or held on University-owned devices or on employee owned devices such as tablets or smartphones. Unless directed to another specific unit in the Procedure for Requesting Information from the University of Minnesota, data requests must be submitted through the University’s online portal.

The Director of Data Access and Privacy (DAP) is the Responsible Authority and Data Practices Compliance Official under the MGDPA and is responsible for managing and fulfilling requests for information in accordance with the MGDPA. Whenever possible, the University will direct requesters to existing sources of public information.

Units that receive requests from either the public or subjects of data must send those requests to the DAP Office for review and response. In order to comply with the University’s legal responsibilities, members of the University community, upon request, must promptly provide data to the responsible authority and the DAP Office.

Individuals who are the subjects of data collected or maintained about them by the University have the right to:

know what data is kept and how it is classified;
notification when private or confidential data is collected from them;
challenge the accuracy or completeness of data about them; and
have private data secured.

Reason for Policy

The University adheres to the provisions of state and federal privacy and records laws, including the Minnesota Government Data Practices Act. In so doing, the University:

Increases the value of University information resources through widespread and appropriate use.
Prevents the inappropriate and unauthorized disclosure of information and thereby avoids adverse legal consequences.

Providing efficient and effective access allows the University to minimize expenses related to record keeping and document production and maximize the resources devoted to the primary mission of the University.

Procedures

Forms/Instructions

UM 1908: Authorization for Release of Employment Information (docx)
UM 1907: Employment Reference Release (docx)

Data Request Center

Appendices

Frequently Asked Questions

Contacts

Subject	Contact	Phone	Email
Primary Contact/Responsible Authority	Laurie Beyer-Kropuenske	612-625-6993	[email protected]
Access to Public Data	Data Access and Privacy	612-625-6993	[email protected]
Questions From Media		612-624-8038	[email protected]

Responsible Individuals
Responsible Officer	Policy Owner	Primary Contact
General Counsel	Chief Data Practices Compliance Officer	Laurie Beyer-Kropuenske Chief Data Practices Compliance Officer

Definitions

Access: The ability to view information, and, when applicable, update or download it. Access is provided to individuals and groups of individuals based on state and federal law and University policy. Access to private or confidential data, and access which permits data updates or downloads requires specific permissions related to job responsibilities.
Data: Information collected, stored, transferred or reported for any purpose, whether stored electronically or in paper files.
Data Custodian: Representatives of the University who are assigned responsibility to serve as a steward of University data in a particular area. They are responsible for developing procedures for creating, maintaining, and using University data, based on University policy and applicable state and federal laws.
Data Owner: Individuals, who in the course of carrying out the University's official business, serve as stewards of data in alignment with their function at the institution. This role is responsible for the accuracy of institutional data that they manage.
Family Educational Rights & Privacy Act: Federal law (P.L. 93-568, 2) as amended in 1974 (with updates). Specifies rights and responsibilities of students and colleges regarding access to student data.
Information/Data Classifications: A determination that establishes the breadth of access to information See Appendix: Examples of Public, Private and Confidential Information.
Minnesota Government Data Practices Act (MGDPA): Legislation governing access to information that is created, received, and maintained by the Minnesota government entities.
Public Data: All government data collected, created, received, maintained or disseminated by the University that is not classified as private, nonpublic or confidential by Minnesota Statute, temporary classification or federal law. For examples of public and private data, see appendix to this policy.
University Information: Information collected, manipulated, stored, reported or presented in any format, on any medium, by any unit of the University.

Responsibilities

General Counsel

Provide legal advice to University staff and decision makers to ensure compliance with state and federal law, including the proper classification of University Data.

Data Access and Privacy Office

DAP director serves as the responsible authority and data practices compliance official under the MGDPA
Fulfills requests for public information that cannot be met through existing reports and other materials.
Assists General Counsel in advising University staff and other decision-makers regarding access to University information.
Maintains Appendix: Examples of Public, Private and Confidential Information, specifically, the section on what U information is classified as Public or Not Public.

University community member

Promptly provide records that are responsive to a data request when requested by a member of the DAP Office.

Related Information

Board of Regents Policy: Student Education Records
Administrative Policy:Acceptable Use of Information Technology Resources
Administrative Policy: Managing University Records and Information
Administrative Policy: Reporting and Notifying Individuals of Information Security Breaches
Administrative Policy: Information Security
University of Minnesota Duluth - Appropriate Use of Information Technology
Office of the Registrar Policies on Access to Student Records
Training: Data Practices for University Employees
Enterprise Access Requests
Minnesota Government Data Practices Act - MS. 13.01 et. seq.
Family Educational Rights and Privacy Act - US Statute
Computer Fraud and Abuse Act, 1986
Electronic Communications and Privacy Act

History

Amended:: October 2020 - Comprehensive Review, Minor Revision. 1. Specifies what are acceptable forms of ID to confirm identify. 2. Updates the public and private information list. 3. Makes consistent some labels throughout the documents.
Amended:: April 2014 - Comprehensive Review, Minor Revision. 1. A new procedure covered the rights of subjects of government data was added. 2. The reason for policy was clarified and the process for making data requests was enhanced. 3. Outdated definitions were removed.
Effective:: January 1999