To: Governor of the Commonwealth of Virginia
From: Aurora Francis
Subject: Personal Data Protection and Privacy
Date: March 16, 2024
Introduction
As you well know, the citizens of our state, no our country, have been dealing with an all
time high of data and security threats. With the development of new technology constantly on an
upwards incline, crimes involving those technologies has spiked and the people are concerned
for their privacy and data. I write to you today with the intent on informing you of the
importance of privacy and personal data protection laws in the hope that you will provide the
extra push needed to enact them throughout the country.
What is Privacy?
Before determining what is important about privacy and data protection, you’ll need a
solid definition of what it is. The technical definition of privacy is freedom or the state of being
unobserved by the public or others. In simple terms it is having control over your own
information and access to it (Klena 2024). There are different types of privacy as well, including
privacy of communication, thought & feelings, personal data, and individual privacy. The
purpose of this privacy is to guarantee safety & dignity of people & their property be it
intellectual or physical.
Personal Data Concerns
With how prevalent social media and the use of internet is overall people have a lot of
personal info out there. Some applications even obtain peoples data without their knowledge.
Many skip over or just skim data protection & privacy agreements when prompted, so they don’t
even know what they are agreeing to. In fact, according to a Pew Research article about data
protection 97% of surveyed Americans claim they are never prompted with privacy policy
acceptance messages and including that percentage 36% say they never read any of the
agreements before agreeing to them (Auxier 2019). According to ISACA’s Privacy Risk
Management article when it comes to data protection & info the main concerns are maintaining
data integrity and accuracy, the reasons for obtaining data and uses for data, how it was obtained,
security, who has access, & crisis response plans (Tang 2020).
Why People Care
The protection of personal data is important to the people of Virginia because there is so
much someone could do with their private information or what they would want it for. According
to Pew Research over half of the Americans surveyed for their study believe they have data
collected every day. 8% of those people also feel like they don’t have any control over whether
the data is collected or not and what data is being collected (Auxier 2019). According to the
Information Commissioners office (ICO) Understanding & Assessing risk in personal data
breaches article, risks with not having adequate protection include; data being stolen or used for
other malicious purposes. This includes fraud, identity theft, reputation damage, and financial
losses in the event of blackmail or ransom (Risk in Personal Data Breaches 2023). Important
personal data includes personally identifiable information (PII) and biometrics. PII is any
information that can be used to identify you and who you are. Examples of this include your full
name, date of birth, social security number (SSN), card info, address, and much more.
Biometrics are recognizable biological factors that people often use to access things. Examples
of this data being retina scans, finger prints used to open your phone, the sound of your voice,
and more. With your PII or biometrics someone could easily access things they shouldn’t or
impersonate someone.
How Others Protect Privacy
The general data protection regulation (GDPR) is the privacy law used throughout the
European Union (EU) that dictates how data is used, stored, and protected. Within the GDPR
there are 7 protection and accountability principles that must be followed by anyone in a GDPR
jurisdiction that is processing data. These principles are:
1. Lawfulness, fairness and
transparency
2. Purpose limitation
3. Data minimization
4. Accuracy
5. Storage limitation
6. Integrity and Confidentiality
7. Accountability
The GDPR applies to any individuals or businesses that are located and/ or handle data in or
associated with the EU and UK (Klena 2024). Unfortunately, the U.S. does not have a privacy
law like this active.
As of 2022, 10 States have enforced and created privacy and protection laws including
biometrics, some of those states being California, Maryland, and New York. These laws were
roughly based on the Biometric Information Privacy Act (BIPA) based in Illinois and includes
limitation of the sale of biometrics, protection standards for biometrics, and destruction of
biometrics after they have served their purpose of acquisition (Klena 2024).
Conclusion
Virginia along with all other states should enact and enforce personal information
protection and privacy laws because between the constant growing and advancement of the
technological world and the people wanting the reassurance that their data is safe it would be
beneficial to everyone. This is not just people in our city or state asking for this, it is the whole
country. Pros of enacting such laws would be ease of data sharing because it would be safer to
share data, which is important in our technologically based society, more consumer trust and a
better reputation due to that trust, and more difficulty for bad agents attempting to wrongfully
acquire this data (The Benefits of Data Protection Laws). Cons of enacting personal data and
privacy laws include those businesses will have to adjust their policies to remain compliant with
new legislation and these same businesses and corporations will have less overall access to
consumers personal data. Other states have already started implementing privacy laws and
sooner or later it will reach a federal level so why not start trying to establish that now?
Establishing this as a federal law will allow it to keep more people safe then just implementing it
slowly, state by state. Overall, the pros far outweigh the cons in making society safer for
everyone and their data, not just here in Virginia, but all around the U.S(Mcgregor 2022).
References
Auxier, Brooke, et al. “Americans and Privacy: Concerned, Confused and Feeling Lack of
Control over Their Personal Information.” Pew Research Center: Internet, Science & Tech, Pew
Research Center, 15 Nov. 2019, www.pewresearch.org/internet/2019/11/15/americans-and-
privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/.
Klena, Jude. (2024) Privacy Law and Data Protection: Module 6 Cyber Law. [PowerPoint
Slides]. Department of Sociology and Criminology. Old Dominion University.
Mcgregor va Aardt, Li-Anne. “The Pros and Cons of Privacy Laws for Consumers – Lexinter.”
Lexinter Law, 4 May 2022, www.lexinter.net/the-pros-and-cons-of-privacy-laws-for-consumers-
and-corporations.
Tang, Andrea. “Privacy Risk Management.” ISACA, 30 June 2020,
www.isaca.org/resources/isaca-journal/issues/2020/volume-4/privacy-risk-
management?gad_source=1&gclid=Cj0KCQjwhtWvBhD9ARIsAOP0GogUZQWS3jH_jMSksg
KkjzarGeybTIWs_Ud0NwxrFcZb82GF35n2FhEaAio1EALw_wcB.
“The Benefits of Data Protection Laws.” ICO, ico.org.uk/for-organisations/advice-for-small-
organisations/the-benefits-of-data-protection-laws/.
“Understanding and Assessing Risk in Personal Data Breaches.” ICO, 30 Aug. 2023,
ico.org.uk/for-organisations/advice-for-small-organisations/understanding-and-assessing-risk-in-
personal-data-
breaches/#:~:text=You’ll%20need%20to%20think,it%20puts%20people%20at%20risk.