The Joint Committee on Technology met this afternoon for interim presentations.
Since 2005, Microsoft has been pushing for increased privacy rights across the globe. The EU passed the General Data Protection Regulation in 2018; it is “the global gold standard” for privacy regulations. The United States has sectoral privacy laws such as GLAB, HIPPA, COPPA, FCRA, and state consumer protection laws. However, other privacy laws are handled at the state level. Only five states have comprehensive privacy laws, including Virginia. Last year there were 60 privacy bills introduced in 30 states.
Microsoft has five privacy priorities: covering modern datasets, corporate responsibility, consumer empowerment, transparency, and strong enforcement. The presentation included key issues that have been brought to Microsoft’s attention. Enforcement can be handled by the attorney general by using the private rights of action. There needs to be a clear distinction between the controller and the processor. A controller is a business that decides how and why to collect consumer data while the processor processes the data on behalf of another company. The scope of data covered should include language to ensure legislation will apply to modern online data sets. Exemptions should be defined clearly, data level exemptions’ or industry exemptions. Consumer rights should include access, control, port, minimization, and the ability to delete personal data. Consumers should be able to consent to sensitive data being used and be able to opt-in/out of profiling.
The Secretary of State’s Office presented on the digitization of state government. The online one-stop shop business page is working to incorporate everything from registering with the SOS, paying fees, setting up tax information, and more on one page with one cart to checkout altogether.
Annual business reports are filed online, with 99 percent being filed and available. An online enterprise licensing system is in the works. The SOS is working on a digital Q&A page and a call center.
The goal is to have a “Golden Record” where companies/businesses/organizations can have one login for all accounts. This would be standardization across all state agencies.