Internet Privacy and Consumer Protection in Minnesota

§325M.01 et seq. of Chapter 325M of the Minnesota Statutes or Chapter 325M for short is an internet privacy law that was enacted in 2003. As the turn of the century saw a significant increase in the internet usage of citizens around the world, Minnesota Chapter 325M was passed for the purpose of ensuring that internet service providers providing would protect the confidentiality and integrity of the various forms of personally identifiable information that they receive from their respective customers. Furthermore, the law also outlines the consequences that internet service providers stand to face should they be found to be in violation of any of the provisions established in the law.

How is an internet service provider defined under the law?

Under §325M.01 et seq. of Chapter 325M of the Minnesota Statutes, an internet service provider or ISP is defined as “a business or person who provides consumers authenticated access to, or presence on, the Internet by means of a switched or dedicated telecommunications channel upon which the provider provides transit routing of Internet Protocol (IP) packets for and on behalf of the consumer. Internet service provider does not include the offering, on a common carrier basis, of telecommunications facilities or of telecommunications by means of these facilities.”

What are the duties of ISPs under the law?

§325M.01 et seq. of Chapter 325M of the Minnesota Statutes mandates that ISPs take the following steps and measures to protect the personal information of the consumers they provide services to within the state:

• ISPs are responsible for developing and implementing procedures that can be used to safeguard the personal information of their customers.
• ISPs are prohibited from disclosing a customer’s personal information without their permission. However, there are certain exceptions to this rule. Such exceptions include instances where an ISP discloses a customer’s personal information in response to the violation of a user agreement or service policy, among other things.
• ISPs are prohibited from using the personal information of their customers to engage in targeted advertising or marketing activities.
• ISPs may obtain consent or authorization from a consumer in regard to the disclosure of their personal information via written or electronic means.

What data elements concerning customers are protected under the law?

The data elements pertaining to consumers within the state of Minnesota that are legally covered in the event of a data breach or other form of unauthorized disclosure include but are not limited to:

• Postal addresses.
• Email addresses.
• Full names.
• Drivers license and state identification cards.
• Dates of birth.
• Financial information.
• Geolocation information.
• Social security numbers.
• Internet or online sites viewed by a consumer.
• The contents of a consumer’s data storage devices.

What are the penalties for violating the law?

As it relates to the enforcement of the law, §325M.01 et seq. of Chapter 325M of the Minnesota Statutes is enforced by the Minnesota state attorney general. With this being said, ISPs providing services to consumers within the state of Minnesota that are found to be in violation of the law are subject to a number of penalties. Most notably, the law gives Minnesota consumers the right to bring civil litigation against ISPs that fail to comply with the provisions set forth in the law. To this point, Minnesota consumers that prevail after pursuing such legal action are entitled to monetary damages of up to $500 or actual damages, as well other associated costs, reasonable attorney fees, and disbursement.

While internet service has completely altered the ways in which human beings can communicate with one another around the globe, the information that is collected when providing such services must also be protected. To this end, §325M.01 et seq. of Chapter 325M of the Minnesota Statutes ensures that ISPs are not able to disclose the personally identifiable information of their customers without facing monetary penalties and other related legal actions. As such, consumers within the state of Minnesota can have the peace of mind that the personal information they disclose to their ISPs will remain confidential at all times.