Agencies | Governor
Virginia Regulatory Town Hall

Proposed Text

highlight

Action:
Secure Data Transmission
Stage: Proposed
 
1VAC20-20

CHAPTER 20
RECORDS ADMINISTRATION

1VAC20-20-10

1VAC20-20-10. (Reserved.)

1VAC20-20-20

1VAC20-20-20. Electronic transmission of records containing sensitive personal information; encryption or redaction required.

State and local election staff shall use encryption technology meeting the Security Requirements for Cryptographic Modules, FIPS PUB 140-2, issued May 25, 2001, with change notices through December 3, 2002, of the National Institute of Technology (NIST) of the United States Department of Commerce (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) to transmit electronically any records containing sensitive personal information. Electronic transmission includes email or facsimile transmission. For purposes of this regulation, sensitive personal information means: (i) more than four digits of a social security number or other unique identifier other than voter identification number; (ii) day and month of birth; or (iii) the residence address of voters qualified for protection under ยง 24.2-418 of the Code of Virginia. If encryption is not used, then all sensitive personal information must be redacted from the record before the record is transmitted electronically. "Redact" means alteration or truncation of data so that no sensitive personal information is accessible.

1VAC20-20-9999

DOCUMENTS INCORPORATED BY REFERENCE (1VAC20-20)

Security Requirements for Cryptographic Modules, FIPS PUB 140-2, issued May 25, 2001, including change notices through December 3, 2002, National Institute of Standards and Technology, U.S. Department of Commerce; http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.