A. Authority and Scope of Study

In 1994, the General Assembly passed House Joint Resolution No. 66 (Appendix A), which created a 19-member joint subcommittee to study state and federal law on privacy, confidentiality, and mandatory disclosure of information held or used by governmental agencies.

The resolution directed the subcommittee to (i) identify existing mandatory state and federal confidentiality and disclosure laws; (ii) determine the circumstances under which disclosure laws supersede confidentiality laws; (iii) identify necessary statutory changes to clarify conflicts between disclosure and confidentiality; (iv) identify existing state expungement laws and where third party expungement provisions are necessary to ensure confidentiality beyond the origin of the information; (v) clarify the legal ramifications of the Privacy Protection Act on state confidentiality, disclosure, and expungement laws; (vi) develop a statewide resource manual to guide local service providers on confidentiality and disclosure laws and decisions; and (vii) develop training programs to inform local service providers on the laws in the manual which may impact their work.

B. Members

Serving on the joint subcommittee were Delegates L. Karen Darner of Arlington (chairman), David B. Albo of Fairfax County, Bernard S. Cohen of Alexandria, Mary T. Christian of Hampton, George W. Grayson of Williamsburg, H. Morgan Griffith of Salem, Frank D. Hargrove, Sr. of Hanover, Jerrauld C. Jones of Norfolk, William S. Moore, Jr. of Portsmouth and Senators Robert L. Calhoun of Alexandria, Joseph V. Gartlan, Jr. of Fairfax County, R. Edward Houck of Spotsylvania (vice chairman), Madison E. Marye of Montgomery, Frederick M. Quayle of Chesapeake and Kenneth W. Stolle of Virginia Beach. Ex officio members included Kay Coles James, Secretary of Health and Human Resources; Jerry W. Kilgore, Secretary of Public Safety; Beverly H. Sgro, Secretary of Education; and Michael E. Thomas, Secretary of Administration.

C. Confidentiality and Disclosure: The Dual Nature of Information

The development of the law governing confidentiality and disclosure of governmental information has been an evolutionary process, reflecting an ever-changing view of society's need for individual privacy and government accountability. People generally expect government processes to be open to public scrutiny and participation. At the same time, they want personal information collected by government to be protected against unwarranted invasions of their privacy. At a minimal, they expect (i) the collection of only necessary and accurate information; (ii) the right to see and correct their own records; and (iii) a notice before personal information is shared with others. Maintaining a balance between privacy protection and government accountability has been a challenge to the Commonwealth. The following comprehensive statutes in the Code of Virginia provide standards on the collection, retention, and dissemination of most government records:

• The Virginia Freedom of Information Act (FOIA) (section 2.1-340 et seq.) sets the standards for determining which records must be disclosed and which records may be disclosed in the discretion of the record keeper. Designed to ensure "government in the sunshine" for the people in the Commonwealth, FOIA directs that all nonexempt official records be open to inspections and copying within five business days after the request, except as may be otherwise specified by law. Currently, 58 exemptions from mandatory disclosure are listed in the FOIA. A common misconception regarding exempt records is that these records are automatically confidential. Unless the exemption directly specifies confidentiality or there is a separate confidential law that applies, these exempt records may be disclosed in the discretion of the record keeper.

• The Privacy Protection Act of 1976 (section 2.1-377 et seq.) is a companion of FOIA and provides safeguards against the invasion of privacy through the misuse of records by state and local agencies. The Act places certain restrictions and requirements on the collection, maintenance, and dissemination of information by government agencies. Information collected by each agency must be relevant, accurate, current, and clearly necessary. No information can be collected except as explicitly or implicitly authorized by law. Individuals are. entitled to learn the purpose of such collection and to correct inaccurate information. Although the privacy act restricts the collection of and access to information in many respects, it does not make personal information confidential. Whether personal information must be kept confidential or must be released depends upon the governing statutes and the regulations and practices adopted by the agency.

• The Virginia Public Records Act (section 42.1-76 et seq.) establishes procedures for public records management and preservation to ensure that the procedures used to preserve public records will be uniform throughout the Commonwealth. It also preserves the confidentiality of any record of any public entity, including a court that is otherwise made confidential by statute or court order, even after the record is archived.

In addition to these standards, there are numerous confidentiality and disclosure rules embodied in statutes, regulations and agency practices that govern the release of sensitive and personal information. These provisions target specific agency records and reflect most closely the present attitude concerning privacy and disclosure. Generally, confidentiality statutes protect individuals from:

• Embarrassment and humiliation by disclosure of personal or family problems (e.g., treatment for alcohol and drug abuse).

• Exposure of information that is inherently inflammatory and unsubstantiated (such as allegations of child abuse or mental instability).

• Lack of personal security (such as the location of victims and witnesses).

• Loss of job security, particularly when personal problems may have no connection with actual job performance.

• Disclosure of trade secrets and proprietary interests.

Disclosure laws enhance:

• Public safety (e.g., by requiring mandatory disclosure of criminal history records as a condition to issuing certain licenses for or employment in positions of trust).

• Fraud and abuse prevention through a periodic review of eligibility records (such as Medicaid claims or student financial assistance).

• Treatment services by increasing an agency's ability to share confidential information with other agencies as part of a comprehensive treatment program.

D. Prior Related Studies

In 1988, at the request of the Secretary of Health and Human Resources, the Plan of Cooperation Development Committee established a joint state-local work group to examine issues involving the sharing of client-related information. In its examination, priority was given to:

• Assessing the nature and extent of issues surrounding interagency sharing of
client information;

• Identifying specific barriers to information sharing; and

• Providing recommendations for improved sharing of client information In conjunction with federal, state, and local statutes and regulations.

The 1989 final report, "Issues Involved in Sharing Client Information Among Local Services Agencies," recommended that the Attorney General finalize a multiagency release-of-information form and conduct regional seminars on the sharing of client information for local service agencies. In response, the Attorney General unveiled a release form at the 1992 Teleconference on Confidentiality and Collaboration: Working Together with the Clients We Share. The form enables participating agencies serving the same client to repeatedly share "confidential information" after the client gives his initial consent. The form eliminates the need to duplicate intake information or obtain multiple consent releases from the client.

In 1993, the Commission of Youth conducted a separate study on the confidentiality of juvenile records. During its study, the Commission found that some service providers involved in interagency collaboration and exchange of "confidential" information were unfamiliar with the confidentiality and disclosure requirements outside their own discipline. Even within their own discipline, these service providers encountered difficulties in applying the law to individual cases and often sought the assistance of legal counsel. Different time schedules for the expungement of confidential records of juveniles added to the confusion of record maintenance and appeared to be contrary to the interests of children and families. In light of these preliminary findings, the Commission recommended that a legislative study subcommittee be established to examine these issues further and determine what, if any, clarifications of the law were necessary.