House committee tackles consumer protections and cybersecurity

House Committee on Communications, Technology and Innovation ponders issues including regulating devices for children in schools

Published January 16, 2020 by Macy Pressley | Capital News Service

RICHMOND, Va. — In one of the more modern meeting rooms at the over two centuries old State Capitol, 22 lawmakers gather on Mondays to confront the increasing cybersecurity threats looming over Virginia residents.

This session the House Committee on Communications, Technology and Innovation will consider a variety of issues, including managing data in an increasingly digital world, regulating devices for children in schools and enabling consumers with the right to access their data and determine if it has been sold to a data broker.

The committee will also hear proposals on a range of cybersecurity issues. These include House Bill 322 which seeks to create a cybersecurity advisory council. HB 524 aims to create a volunteer group of tech industry professionals to help localities and school divisions address information technology and cybersecurity issues. HB 954 requires businesses to take reasonable steps to dispose of customer records when the company no longer needs those documents.

The committee leadership has a host of expertise in technology and cybersecurity. The chair, Del. Cliff Hayes Jr., D-Chesapeake spent over 25 years working in the cybersecurity field, including time as the director of information technology for the Norfolk Sheriff’s Office. Hayes Jr. said he was optimistic about Virginia’s future in cybersecurity, but did not understate the risks.

“Anywhere in the world is at a high risk in this day in age,” Hayes said. “We have to make sure we do everything we can to protect our infrastructure and those devices that are connected to it.”

Vice Chair Del. Hala Ayala, D-Woodbridge, spent over 15 years working as a cybersecurity specialist for the Department of Homeland Security. She said the committee will work with the federal government to prevent cyber attacks from hostile foreign adversaries.

When it comes to cybersecurity, Virginians have reason to be cautious. Some of the biggest companies in the world such as Amazon store data in the state. Seventy percent of the world’s daily internet traffic is routed through Loudoun County, according to Loudoun’s department of economic development. Since 2010, Microsoft continues to expand its data center operations in Mecklenburg County. Facebook recently opened a 1 million square foot data center in Henrico, with plans to add another 1.5 million square feet.

Hayes said the committee plans to be proactive when it comes to dealing with the increasing cybersecurity threats.

“Historically, most of the cyber, artificial intelligence, unmanned systems, and all of those types of issues were referred to other committees for some reason,” he said. “But now, those bills are going to be coming to this committee and we have an abundance of expertise in this area.”

Virginia’s cyber investments aren’t invulnerable, especially given the growing threat of hostile foreign powers such as Iran. The Iranians have spent years cultivating a skilled team of hackers that could potentially threaten U.S. cybersecurity, according to a recent Washington Post survey of leaders from government, academia and the private sector.

“We’re trying to make steps at the federal level to strengthen our security infrastructure,” Ayala said.

At the state level, Ayala said the committee plans to protect consumers against potential breaches and advocate for consumer privacy.

“You’ll see a lot of privacy legislation come out,” she said. “We want to strengthen consumer data and protection.”

Del. Kathy Byron, R-Bedford, said the key to protecting Virginians against cybersecurity threats will be education.

“It’s critical that we continue to train young people so we have the workforce and workforce skills to be able to help companies,” Byron said.

Byron also said there were a number of steps Virginians could take to protect themselves from identity theft.

“Check daily for activity from your financial institutions to make sure someone hasn’t used that information,” Byron said.

Ayala said there are a number of ways to protect your online activities as well.

“Change your passwords every 60 to 90 days,” Ayala said. “I use something called LastPass to encrypt passwords.”