SJ51: Government databases and data communications; study adequacy of security.

SENATE JOINT RESOLUTION NO. 51
Offered January 11, 2006
Prefiled January 10, 2006
Directing the Joint Legislative Audit and Review Commission to study the adequacy of the security of state government databases and data communications from unauthorized uses. Report.
Patron-- O'Brien

Referred to Committee on Rules

WHEREAS, information collected and managed by state agencies and public institutions of higher education through the means of computer networks and the Internet contains personal information and other identifying particulars regarding individuals who come into contact with the government; and

WHEREAS, the personal information that is stored or accessed in government databases includes real or personal property holdings, education, financial transactions, medical history, ancestry, religion, political ideology, criminal or employment record, finger and voice prints, photographs, the record of an individual's presence, registration, or membership in organizations or activities, or his admission to an institution; and

WHEREAS,  the Chief Information Officer for the Commonwealth is required to direct the development of policies, procedures, and standards for assessing security risks, determining the appropriate security measures, and performing security audits of government databases; and

WHEREAS, these policies, procedures, and standards include periodic security audits of all executive branch agencies and institutions of higher education regarding the protection of government databases and data communications; and

WHEREAS, despite the existence of statewide policies, procedures, and standards, the threat of unauthorized and unlawful access to government databases and data communications is ever increasing as new vulnerabilities are discovered and old vulnerabilities are being exploited in new ways; and

WHEREAS, in light of the potential harm to citizens caused by a breach of security measures, there is a need to conduct a comprehensive review of the adequacy of the security of state government databases and data communications from unauthorized uses; now, therefore, be it

RESOLVED by the Senate, the House of Delegates concurring, That the Joint Legislative Audit and Review Commission be directed to study the adequacy of the security of state government databases and data communications from unauthorized uses.

All agencies of the Commonwealth shall provide assistance to the Commission for this study, upon request.

The Joint Legislative Audit and Review Commission shall complete its meetings by November 30, 2006, and the Chairman shall submit to the Division of Legislative Automated Systems an executive summary of its findings and recommendations no later than the first day of the 2007 Regular Session of the General Assembly. The executive summary shall state whether the Commission intends to submit to the Governor and the General Assembly a report of its findings and recommendations for publication as a document. The executive summary and report shall be submitted as provided in the procedures of the Division of Legislative Automated Systems for the processing of legislative documents and reports and shall be posted on the General Assembly's website.