July 1st is NO picnic!

Each July brings Fourth of July picnics, providing much excitement but also the added responsibility to figure out what to feed that many people. The term “picnic” is a bit of a misnomer as planning and preparing a meal and activities for dozens or even hundreds of guests is no picnic. Each July 1st also means that the newly enacted state statutes take effect, bringing new responsibilities for local governments in South Dakota.

While no one could make July 1st a “picnic,” the SD Municipal League and SD Association of County Commissioners prepare their Members for these new responsibilities. Their endorsed pools—the SD Public Assurance Alliance (SDPAA) and the SDML Worker’s Compensation Fund—provide their local government Members the needed coverages to operate safely and effectively under these new responsibilities.

The SDPAA is governed by an eleven-member Board of Directors consisting of public officials and public employees drawn from their own public entity Members. The SDPAA staff consists of public employees with considerable claims and local government experience who can uniquely identify any emerging issues for local governments, including the impact of any new state legislation. This article will highlight three measures that will become effective on July 1 that may impact local governments’ liability exposure:

  1. Breach of computerized data system
    Cyber-attacks have occurred throughout the country, targeting many types of businesses and other organizations, including local governments. During the 2018 Legislative Session, the SD Legislature enacted SB 62, which provides new notice requirements for “information holders” to follow when certain cyber-attacks occur. Under this new measure, a “person” or business that conducts business in this state that owns or licenses computerized personal or protected information of residents of this state is an “information holder.” The “information holder,” upon discovery of or notification of a breach of their system’s security must promptly notify any person or resident of this state whose personal or protected information was, or is reasonably believed to have been, acquired by an unauthorized person. This notification must occur within 60 days, unless a longer period of time is needed for legitimate needs of law enforcement.

A “person” is not specifically defined in this measure, but a “person” is defined elsewhere in state statutes to include a local government entity. See SDCL 22-1-2, SDCL 37-24-6 (“person” includes “any other legal entity”). On July 1 and thereafter, if a local government has a breach of their computer system security, or is reasonably certain such breach has occurred, where certain statutorily-defined personal information is acquired unlawfully, then the local government may need to follow the specific notification requirements. These new notification requirements could be met if the local government otherwise complies with federal law and maintains procedures for a breach of system security pursuant to the federal laws and regulations established by the “primary or functional federal regulator,” such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) or the Gramm Leach Bliley Act.

Members of the SDPAA are eligible for cyber liability coverage which provides indemnification and resources in dealing with a wide variety of cyber-attacks and assistance in complying with notification requirements. Members of the SDPAA are also eligible for Enhanced Crime Coverage that may also provide coverage for other types of Computer Fraud and Funds Transfer Fraud. Local governments may need the knowledge and expertise that accompany these coverages in complying with the notification requirements of other states in the event that out-of-state persons have been the victims of a cyber-attack of a local government in South Dakota.

  1. Public input at every Official Meeting of a Public Body
    The SD Legislature enacted House Bill 1172, which will require, “The chair of the public body shall reserve at every official meeting by the public body a period for public comment, limited at the chair’s discretion, but not so limited as to provide for no public comment.” While this may not affect those public bodies comprising elected officials who already allow for general public input, this new requirement may affect many, if not all, citizen boards such as a municipal or county Planning Commission who may not have been allowing for general public input in the past. Public bodies should place a specific item on every agenda for general public input/comment.

The new law leaves the time limits for public input to the discretion of the chair of the public body. However, public bodies should devise rules now, if any, on how much time will be allowed for each speaker and how many speakers will be allowed per meeting or the total time allowed. It could create a significant liability exposure for a public body to wait until a particular meeting to devise those rules on the spur of the moment. The SDPAA provides coverage for those types of liability exposures for its Members.

No specific rule of thumb exists on public input. Public comment/input rules vary as it is common to see particular public bodies allow anywhere from two to five minutes per speaker and then prescribe various total time limits, if any. Some public bodies announce those time and speaker limits on each agenda item; it is anticipated those same public bodies may place those identical limits on their agenda on the item reserved for general public comment/input. Local governments should consult with their attorney on the best approach to fit their particular needs for a particular board, commission, or other public body.

  1. Draft minutes available within 12 days
    Enacted House Bill 1163 will now require the municipal finance officer to deliver the minutes and record of official proceedings of the governing body of that municipality to the official newspaper within five business days after the official meeting. This is a change from the current one-week requirement. Also, those official minutes, including a detailed statement of all expenditures of money and the name of each person paid and the service provided, must be published within twelve business days. This publication time frame is shorter than the thirty days allowed currently. Municipalities should confer with their official newspapers and amend their contracts with them as necessary to ensure that these new deadlines will be met.

As noted above, the SDPAA offers Governmental Liability, Cyber Liability, and Enhanced Crime Coverages to our Members. SDPAA Members also have access to loss control surveys and advice through our Member Services staff as well as through our partnership with Safety Benefits, Inc. at no additional charge. If you would like to speak with someone about any of these coverages or services, please contact the SDPAA office at 800-658-3633 option 2 or by email at sdpaa@sdmunicipalleague.org.

Dave Pfeifle
Executive Director
South Dakota Public Assurance Alliance