"We have all read, seen, or heard recent news coverage about the importance of protecting the personal and financial data that is routinely compiled by companies and government agencies," Kaine said. "I am proud of Virginia's recent designation as the nation's most business friendly state, but we must reassure Virginians that we are moving aggressively to upgrade and secure state government computer networks.
"These two executive actions should demonstrate that we are eager to work with businesses, state agencies, and consumer advocates to find ways we can better protect the privacy of Virginia consumers," Kaine said.
Executive Directive 5 instructs the Virginia Department of Agriculture and Consumer Services' (VDACS) Division of Consumer Services to pull together business and consumer advocates to develop options for enhancing consumer privacy in Virginia.
"In a time when identify theft is a growing concern and technology has greatly enhanced the information available about consumer behavior and financial transactions, Virginia consumers have reason to be concerned about the confidentiality and resale of this personal information held by private companies," Kaine said.
"I expect this group to look at a full range of options. For example, I'm instructing the group to examine a 'Do Not Sell' registry for consumer information, modeled on the federal 'Do Not Call' registry. Our goal is to be the best in the nation for business and consumer privacy. I believe that having consumers feel secure about their information is good business, and we should be a leader in protecting consumer privacy," the governor said.
A report of the findings and recommendations is to be submitted to the governor by November 1, 2007.
Kaine also signed Executive Order 43 (2007) directing Virginia's Secretary of Technology, Aneesh Chopra, to oversee efforts to examine state government data security policies and to ensure that they are enforced.
The Executive Order follows a recent report from the Virginia Auditor of Public Accounts that concluded a majority of state government agencies in Virginia could do more to protect personal consumer information.
"Agencies of state government collect information on individuals, students, taxpayers, drivers, and a host of other individual information," Kaine said. "We have security standards in place. We must make sure they are appropriate and that they are rigorously enforced to protect against accidental access and deliberate hacking as well."
While almost all state agencies have some kind of oversight of their information technology systems, Executive Order 43 requires the Secretary of Technology to report annually to the governor, by October 15th of each year, on information security compliance efforts undertaken by state government agencies and institutions.
