VIRGINIA LAW PORTAL

• Code of Virginia
• Virginia Administrative Code
• Constitution of Virginia
• Charters
• Authorities
• Compacts
• Uncodified Acts
• RIS Users (account required)

SEARCHABLE DATABASES

• Bills & Resolutions
  session legislation
• Bill Summaries
  session summaries
• Reports to the General Assembly
  House and Senate documents
• Legislative Liaisons
  State agency contacts

ACROSS SESSIONS

• Subject Index: Since 1995
• Bills & Resolutions: Since 1994
• Summaries: Since 1994

Developed and maintained by the Division of Legislative Automated Systems.

2000 SESSION

• history | hilite | pdf | print version

004946720
HOUSE BILL NO. 1493 Offered January 24, 2000 A BILL to amend and reenact §§ 2.1-380 and 2.1-385 of the Code of Virginia, relating to the Privacy Protection Act. ---------- Patrons-- Devolites, Barlow, Baskerville, Marshall, May, Nixon and Rust ---------- Referred to Committee on General Laws ----------

Be it enacted by the General Assembly of Virginia:

1. That §§ 2.1-380 and 2.1-385 of the Code of Virginia are amended and reenacted as follows:

§ 2.1-380. Administration of systems including personal information.

Any agency maintaining an information system that includes personal information shall:

1. Collect, maintain, use, and disseminate only that personal information permitted or required by law to be so collected, maintained, used, or disseminated, or necessary to accomplish a proper purpose of the agency;

2. Collect information to the greatest extent feasible from the data subject directly;

3. Establish categories for maintaining personal information to operate in conjunction with confidentiality requirements and access controls;

4. Maintain information in the system with accuracy, completeness, timeliness, and pertinence as necessary to assure fairness in determinations relating to a data subject;

5. Make no dissemination to another system without (i) specifying requirements for security and usage including limitations on access thereto, and (ii) receiving reasonable assurances that those requirements and limitations will be observed, provided this subdivision shall not apply to a dissemination made by an agency to an agency in another state, district or territory of the United States where the personal information is requested by the agency of such other state, district or territory in connection with the application of the data subject therein for a service, privilege or right under the laws thereof, nor shall this apply to information transmitted to family advocacy representatives of the United States Armed Forces in accordance with § 63.1-248.6 H;

6. Maintain a list of all persons or organizations having regular access to personal information in the information system;

7. Maintain for a period of three years or until such time as the personal information is purged, whichever is shorter, a complete and accurate record, including identity and purpose, of every access to any personal information in a system, including the identity of any persons or organizations not having regular access authority but excluding access by the personnel of the agency wherein data is put to service for the purpose for which it is obtained;

8. Take affirmative action to establish rules of conduct and inform each person involved in the design, development, operation, or maintenance of the system, or the collection or use of any personal information contained therein, about all the requirements of this chapter, the rules and procedures, including penalties for noncompliance, of the agency designed to assure compliance with such requirements;

9. Establish appropriate safeguards to secure the system from any reasonably foreseeable threat to its security;

10. Collect no personal information concerning the political or religious beliefs, affiliations, and activities of data subjects which is maintained, used or disseminated in or by any information system operated by any agency unless authorized explicitly by statute or ordinance.

§ 2.1-385. Disclosure of personal information; social security number.

A. No agency shall disclose the personal information of any data subject unless the disclosure of such information (i) is specifically required by federal or state law, (ii) is to another agency where disclosure is necessary for the performance of either agency's official duties as prescribed by law, or (iii) is made pursuant to the provisions of subdivision 5 of § 2.1-380.

On or after July 1, 1977, it B. It shall be unlawful for any agency to require an individual to disclose or furnish his social security account number not previously disclosed or furnished, for any purpose in connection with any activity, or to refuse any service, privilege or right to an individual wholly or partly because such individual does not disclose or furnish such number, unless the disclosure or furnishing of such number is specifically required by federal or state law.