Senate Bill 293 would call for the appointment of a privacy officer within the state CIO’s office; the development of a privacy assessment tool for government IT projects; and communication with those whose information has been collected, stored or used as part of state agency IT projects.
“I’ve been a big supporter of this issue for many years now,” said Sen. Chuck Riley, one of the bill’s co-sponsors. “It’s a really difficult intersection to meld the requirements needed for security and data privacy with the concept of openness.”
Through this bill, the state’s CIO, chief data officer and privacy officer, who has yet to be appointed, would be able to set guidelines that would transparently address privacy issues.
For example, Riley expressed concern about the sharing of constituents’ email addresses through public record requests.
“As a legislator, I get a lot of emails from constituents who clearly don’t expect me to share their email addresses,” he said. “However, I get public records requests asking me to share that information.”
At one point, Riley said, a candidate was able to access constituents’ email addresses through a public record request, allowing the candidate to send emails asking for money for a political campaign.
“I refused the request, but still, the state holds a lot of personal information that people should know about,” he said. “They deserve the right to decide what should be done with that information and also deserve the right to determine who can access it.”
Other state lawmakers have also acknowledged various data privacy issues, which have prompted them to craft legislation of their own.
In Oklahoma, Reps. Josh West and Collin Walke recently introduced the Oklahoma Computer Data Privacy Act, which would require Internet tech companies to obtain explicit permission to collect and sell personal data.
In Washington state, Sen. Reuven Carlyle introduced the Washington Privacy Act to grant consumers the right to access, transfer, correct and delete data that companies hold on them.
Similar to Oregon’s bill, the Washington Privacy Act aims to create awareness about how citizen data is being used and clarify what personal rights citizens have to protect their personal information.
Lastly, in Virginia, lawmakers introduced the Consumer Data Protection Act to offer residents added protections against businesses and companies using their personal data without their consent.
Although each bill differs in terms of specifics, the overall goal is the same: protecting citizens’ private information.
“I shouldn’t be sharing constituents’ private information, nor should others,” Riley said. “That’s what this legislation looks to address.”
