Essentials of Data Security for Public Entities

Securing private data is a significant responsibility for local governments. Maintaining data security in the face of real threats, such as hackers, activists and employee errors, is a challenge that everyone in the organization must work to overcome.

Damages to a public entity from data compromises and cyber-attacks are often costly, both financially and nonmonetarily. Money is required to correct security issues, restore lost or damaged data, handle legal action and pay regulatory fines. The nonfinancial costs to a public entity can include damage to the organization’s reputation, lowered morale and loss of the public’s trust.

It is best if your organization has a robust data security program and response plan established before an incident occurs. Now is the time to assess how strong your entity’s programs and plans are, before an attack or data compromise happens. This guide uses enterprise risk management methods and is designed to assist in your efforts.

Guide to Internal Conversations and to Policy and Training Development

This guide is not intended to be, nor is it, a technical resource. Rather, this guide should be used to stimulate conversations among your organization’s leadership and provide them with strategies to help your organization secure private data, whether it is electronic or paper in format.

Maintaining vigilance and being aware of new threats as they emerge is necessary for everyone within your organization. To this end, the guide includes key terms and vetted resources for individuals to consult for continuous and updated best practices.
Checkups included with each chapter provide an opportunity to determine which data security areas need improvement.

This resource should be shared at multiple levels within your organization, including information technology (IT) managers, elected board members, executive directors and administrators, department heads, managers, and others as appropriate (e.g., safety committee).

Information about policies and best practices for a variety of topics is included in this resource. Because the threats to data security evolve rapidly and the systems used by member organizations vary, this guide often leaves specifics up to the information technology professionals within your organization.

The Guide’s Chapters

  1. Data Compromise and Cyber-Liability Coverage: Note that coverage discussed is for the current coverage year (January-December) and is subject to change with the new coverage year.
  2. Data Privacy Laws
  3. Incident Preparation and Response
  4. Data Storage and the Cloud
  5. Secure Physical Access and Data Storage Rooms
  6. Vendor Contracts
  7. Secure Destruction
  8. Malware and Ransomware
  9. Passwords
  10. Social Engineering
  11. Safe Browsing
  12. Secure E-mail Practices
  13. Mobile Devices
  14. Security Patches and Updates
  15. Training Employees and Officials

Use in Combination with the Cyber-security Self-assessment

The Cyber-security Self-assessment is a broad checklist that an organization uses internally to assist in identifying data security areas it needs to strengthen.