A friend of mine (thanks Barry!) pointed out an interesting article from a couple of days ago that reported a new Virginia law will go into effect July 1 requiring all public and private colleges and universities to submit student names, birthdates and social security numbers (SSNs) to state police to cross-check against sex offender registries. 

Hmm...interesting and disconcerting article...let's see more about the law...

Appears the law, known as HB 984, Sex Offender and Crimes Against Minors Registry, was actually signed by Governor Kaine on April 24 and covers a very wide range of actions to identify and catch sexual predators in an effort to keep children safe, and I applaud such efforts when they are well considered and thoughtfully framed. 

However, it appears in the quest to catch all these disgusting monsters, the zealousness of the law writers went beyond just accumulating known offenders, and even likely offenders, and cast a net lumping a large group of individuals who have absolutely no characteristics of being sexual predators, but are merely a targeted stratum of the population...those attending institutions of higher education.  Within all the text outlining the characteristics and requirements for known sexual criminals, the following text is curiously dropped:

"§ 23-2.2:1.  Reporting of student information to Sex Offender and Crimes Against Minor Registry.

Each public and private two- and four-year institution of higher education physically located in the Commonwealth shall electronically transmit data including (i) complete name, (ii) social security number or other identifying number, (iii) date of birth, and (iv) gender to the Department of State Police, in a format approved by the State Police, for comparison with information contained in the Virginia Criminal Information Network and National Crime Information Center Convicted Sexual Offender Registry File, for all applicants that are offered acceptance to attend the institution. This data shall be transmitted before such time that an applicant becomes a "student in attendance" pursuant to 20 U.S.C. 1232g(a)(6) at that institution. However, institutions with a rolling or instantaneous admissions policy shall report enrollment in accordance with guidelines developed by the Department of State Police in consultation with the State Council of Higher Education and the Virginia Community College System. Such guidelines shall be developed no later than January 1, 2007.

Whenever it appears from the records of the State Police that a person has failed to comply with the duty to register or reregister pursuant to Chapter 9 (§9.1-900 et seq.) of Title 9.1, the State Police shall promptly investigate and, if there is probable cause to believe a violation has occurred, obtain a warrant or assist in obtaining an indictment charging a violation of § 18.2-472.1 in the jurisdiction in which the person was enrolled with the educational institution."

So individuals who are pursuing a college education in Virginia now by default have all their personal information combined in with all the known sex offenders and criminals? The intent is certainly noble, but what kind of precedent does this set to collecting the personal information of individuals from basically any other population stratum?  And where will this information about all the students be stored?  How will access to it be protected?  How long will it be retained?  Will it be combined within the databases of known sexual predators?  And what will prevent this personal data from being used for other purposes?

I am all for catching criminals and the horrible monsters who shatter childhoods.  No one wants to see these disgusting poor substitutes for human beings be locked away with the key thrown away more than I.  However, incorporating the personal informtion of innocent individuals who happen to be pursuing high education into a database with these animals is not the right thing to do. 

Noble intentions are good.  However, lawmakers really need to consider the negative impacts their good and noble intentions, and poorly written laws, have upon innocent people.

Technorati Tags
information security
IT compliance
corporate governance
awareness and training
government
data protection law
privacy law
privacy