Minnesota Department of Administration Advisory Opinion 08-024PDF

 

This is an opinion of the Commissioner of Administration issued pursuant to section 13.072 of Minnesota Statutes, Chapter 13 - the Minnesota Government Data Practices Act. It is based on the facts and information available to the Commissioner as described below.

Notes: In 2013 the Legislature enacted Minnesota Statutes, section 13.356 which classifies as private certain personal contact and online account information.

In 2014, the Legislature amended Minnesota Statutes, section 13.05, subd. 11(a), related to government contracts.

Facts and Procedural History:

On July 21, 2008, IPAD received a letter dated July 17, 2008, from Melissa Mogen, on behalf of the City of Buffalo. In her letter, Ms. Mogen asked the Commissioner to issue an advisory opinion regarding the classification of certain data.

A summary of the facts as provided by Ms. Mogen is as follows. She wrote in her opinion request:

The City of Buffalo maintains a government Web site on the City’s server that contains information regarding various city issues, events, and projects. To improve communication with citizens, the Web site includes a link entitled “E-mail Updates” that utilizes e-mail to deliver important alerts, announcements, and updated information that are time sensitive and that are already published on the City’s Web site. To service the automated e-mail subscription management system, the City has entered into a contract with GovDelivery, Inc., a privately owned and operated corporation…The automated e-mail notification system works seamlessly with the City’s Web site. GovDelivery watches the City’s Web site and automatically sends appropriate e-mails when relevant changes are made to the Web site content.

When an individual clicks on the “E-mail Updates” link, they are redirected to GovDelivery. In order to issue alerts, GovDelivery collects and maintains the registrant’s personal information including their private e-mail address and cellular telephone number. Pursuant to the service contract, GovDelivery never shares information gathered through government service clients with third parties. The City of Buffalo does not collect, create, receive, maintain, or disseminate any of the e-mail addresses or cellular telephone numbers. Additionally, although the GovDelivery contract grants ownership of the user information to the City, the City has never received or maintained a copy of the data in any form, and just three people in the city have access to view the data only by logging into the GovDelivery computer.

On June 21, 2008, the City of Buffalo received a request for a copy of the list of e-mail addresses for all registrants of the “E-mail Updates” link. The request alleges that the e-mail addresses are public data…The City denied the request stating that the e-mail addresses relating to the “E-mail Update” service were not public data permitted to be released.



Issues:

Based on Ms. Mogen's opinion request, the Commissioner agreed to address the following issues:
  1. Pursuant to Minnesota Statutes, Chapter 13, what is the classification of the data when they are not collected, created, received, maintained, or disseminated by the City of Buffalo, but are collected and maintained by GovDelivery, a privately owned and operated software service company, for the purpose of transferring important city alerts and notifications to registrants on behalf of the City?

  2. If the data collected and maintained by GovDelivery are classified as government data, are they protected by the Data Practices Act, more specifically, Minnesota Statutes, section 13.15?



Discussion:

Issue 1:

Pursuant to Minnesota Statutes, Chapter 13, what is the classification of the data when they are not collected, created, received, maintained, or disseminated by the City of Buffalo, but are collected and maintained by GovDelivery, a privately owned and operated software service company, for the purpose of transferring important city alerts and notifications to registrants on behalf of the City?

Pursuant to Minnesota Statutes, Chapter 13, government data are public unless otherwise classified. (Minnesota Statutes, section 13.03, subdivision 1.)

In her opinion request, Ms. Mogen discusses that the City contracts with GovDelivery, a non-governmental entity. The Commissioner has not seen the contract. Ms. Mogen’s description of the contractual relationship is that GovDelivery monitors the City’s website and sends out email updates and alerts to individual subscribers. To provide this service on behalf of the City, GovDelivery collects and maintains certain subscriber information, including email addresses and cellular telephone numbers.

Frequently, government entities (subject to Chapter 13) contract with non-government organizations (not subject to Chapter 13) to perform functions on their behalf. Chapter 13 discusses these contractual relationships in several provisions, the most recent and comprehensive of which is in Minnesota Statutes, section 13.05, subdivision 11. This provision went into effect on August 1, 1999. It states, in part:

If a government entity enters into a contract with a private person to perform any of its functions, the government entity shall include in the contract terms that make it clear that all of the data created, collected, received, stored, used, maintained, or disseminated by the private person in performing those functions is subject to the requirements of this chapter and that the private person must comply with those requirements as if it were a government entity.

Here, pursuant to its contract with the City, GovDelivery, on behalf of the City, collects certain data from people. The data, then, are government data, subject to the requirements of Chapter 13.

The City argues the data could be classified as not public under Minnesota Statutes, section 13.15. The Commissioner disagrees and does not think section 13.15 applies. Section 13.15 classifies electronic access data as not public. Electronic access data are defined as, “data created, collected, or maintained about a person’s access to a government entity’s computer for the purpose of: (1) gaining access to data or information; (2) transferring data or information; or (3) using government services.” [Emphasis added.] The Commissioner’s understanding is that this section classifies the following types of data about a person accessing a government computer: the IP (internet protocol) address of the person’s computer, cookie information related to the person’s internet browsing, geographic information of the person’s computer, duration of time at the government website, person’s activity on the government’s website, and so on.

In the situation Ms. Mogen presented, the data in question are not data about the individuals’ access to a computer. Rather, they are data related to the data subjects wanting a service from the City.

In addition, the data classified by section 13.15 are typically not provided by the data subject. They are data unintentionally provided by the data subject during that person’s access to a government computer. In the situation before the Commissioner, the data subjects intentionally provided their email addresses and/or cellular phone numbers to GovDelivery, as it acted on behalf of the City.

The Commissioner’s conclusion is further buttressed by Advisory Opinion 01-093:

Here, the District is producing an electronic newsletter. The District has collected the data in question because the subjects of the data wish to receive a copy of the newsletter. There is no provision in Chapter 13 or another statute that classifies these data as anything other than public. Therefore, the names, e-mail addresses, and telephone numbers of the subscribers are public.

Here, the City (via GovDelivery) collected the subscriber information because the subjects of the data wish to receive notice of updates to and alerts from the City’s website. There is no provision in Chapter 13 or another statute that classifies these data as anything other than public.

Issue 2:

If the data collected and maintained by GovDelivery are classified as government data, are they protected by the Data Practices Act, more specifically, Minnesota Statutes, section 13.15?

See Issue 1.


Opinion:


Based on the facts and information provided, my opinion on the issues that Ms. Mogen raised is as follows:

  1. Pursuant to Minnesota Statutes, Chapter 13, data collected by GovDelivery as part of its contract with the City of Buffalo are public government data.
  2. See Issue 1.

Signed:

Dana B. Badgerow
Commissioner

Dated: August 26, 2008


PDF