§ 2.2-3800 Short title; findings; principles of information practice
A. This chapter may be cited as the “Government Data Collection and Dissemination Practices Act.”
1. An individual’s privacy is directly affected by the extensive collection, maintenance, use and dissemination of personal information;
2. The increasing use of computers and sophisticated information technology has greatly magnified the harm that can occur from these practices;
3. An individual’s opportunities to secure employment, insurance, credit, and his right to due process, and other legal protections are endangered by the misuse of certain of these personal information systems; and
4. In order to preserve the rights guaranteed a citizen in a free society, legislation is necessary to establish procedures to govern information systems containing records on individuals.
C. Recordkeeping agencies of the Commonwealth and political subdivisions shall adhere to the following principles of information practice to ensure safeguards for personal privacy:
1. There shall be no personal information system whose existence is secret.
2. Information shall not be collected unless the need for it has been clearly established in advance.
3. Information shall be appropriate and relevant to the purpose for which it has been collected.
4. Information shall not be obtained by fraudulent or unfair means.
5. Information shall not be used unless it is accurate and current.
6. There shall be a prescribed procedure for an individual to learn the purpose for which information has been recorded and particulars about its use and dissemination.
7. There shall be a clearly prescribed and uncomplicated procedure for an individual to correct, erase or amend inaccurate, obsolete or irrelevant information.
8. Any agency holding personal information shall assure its reliability and take precautions to prevent its misuse.
9. There shall be a clearly prescribed procedure to prevent personal information collected for one purpose from being used or disseminated for another purpose unless such use or dissemination is authorized or required by law.
10. The Commonwealth or any agency or political subdivision thereof shall not collect personal information except as explicitly or implicitly authorized by law.
History
This law was first created in 1976. The record of its establishment is cataloged in chapter 597 of that year’s edition of “Acts of Assembly,” the annual state publication listing all changes made to the Code of Virginia in that year. Unfortunately, the 1976 “Acts” aren’t available online. It has been modified 5 times. Those modifications are cataloged by “The Acts of Assembly,” a state publication, by year and chapter. Those modifications that can be read on the General Assembly’s website will be linked accordingly. Those modifications are as follows: in 1987, chapter 506; in 2001, chapter 844; in 2003, chapters 791, 914, 918, and 927; in 2009, chapters 849 and 867; in 2018, chapters 597 and 679.
1976, c. 597, §§ 2.1-377, 2.1-378; 1987, c. 506; 2001, c. 844; 2003, cc. 791, 914, 918, 927; 2009, cc. 849, 867; 2018, cc. 597, 679.