1VAC20-20-20. Electronic transmission of records containing sensitive personal information; encryption or redaction required.
State and local election staff shall use encryption technology meeting the Security Requirements for Cryptographic Modules, FIPS PUB 140-2, issued May 25, 2001, with change notices through December 3, 2002, of the National Institute of Standards and Technology (NIST) of the United States Department of Commerce (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) to transmit electronically any records containing sensitive personal information. Electronic transmission includes email or facsimile transmission. For purposes of this regulation, sensitive personal information means: (i) more than four digits of a social security number or other unique identifier other than voter identification number; (ii) day and month of birth; or (iii) the residence address of voters qualified for protection under § 24.2-418 of the Code of Virginia. If encryption is not used, then all sensitive personal information must be redacted from the record before the record is transmitted electronically. "Redact" means alteration or truncation of data so that no sensitive personal information is accessible.
DOCUMENTS INCORPORATED BY REFERENCE (1VAC20-20)
Security Requirements for Cryptographic Modules, FIPS PUB 140-2, issued May 25, 2001, including change notices through December 3, 2002, National Institute of Standards and Technology, U.S. Department of Commerce; http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.