PRINTER'S NO. 369
No. 70 Session of 2007
INTRODUCED BY PRESTON, GODSHALL, ADOLPH, BAKER, BOYD, BRENNAN,
CALTAGIRONE, CLYMER, ELLIS, FAIRCHILD, GEORGE, GERGELY,
HARHAI, KIRKLAND, KOTIK, MANN, McGEEHAN, PALLONE, RAMALEY,
READSHAW, REICHLEY, SAINATO, SIPTROTH, SOLOBAY, STAIRS,
THOMAS AND YOUNGBLOOD, FEBRUARY 9, 2007
REFERRED TO COMMITTEE ON CONSUMER AFFAIRS, FEBRUARY 9, 2007
A RESOLUTION
1 Establishing a select committee to investigate and review the
2 policies, procedures and practices in place by the various
3 Commonwealth agencies, authorities, boards, commissions,
4 councils, departments and offices and the entities they
5 license or regulate to protect the personal health, financial
6 and other sensitive data of the citizens of this
7 Commonwealth.
8 WHEREAS, Identity theft is one of the fastest growing crimes
9 in the nation, causing more than $2 billion in losses to
10 consumers, businesses and government bodies in this
11 Commonwealth; and
12 WHEREAS, The General Assembly is committed to the protection
13 of the personal health, financial and other sensitive data of
14 the residents of this Commonwealth; and
15 WHEREAS, The dramatic increase in computer interconnectivity
16 and Internet usage are changing the way the Commonwealth and the
17 nation are communicating and conducting business; and
18 WHEREAS, Without proper safeguards, this interconnectivity
19 poses tremendous risks that make it easier for individuals and
1 groups to gain access to improperly protected systems within
2 Commonwealth agencies, authorities, boards, commissions,
3 councils, departments and offices and the entities they license
4 or regulate; and
5 WHEREAS, Those agencies, authorities, boards, commissions,
6 councils, departments and offices and the entities they license
7 or regulate have critical facilities that support the
8 processing, storage and transmission of personal health,
9 financial and other sensitive data; and
10 WHEREAS, The public's trust and confidence that those
11 agencies, authorities, boards, commissions, councils,
12 departments and offices and the entities they license or
13 regulate are protecting personal health, financial and other
14 sensitive data is critical to carrying out the mission and laws
15 of this Commonwealth; and
16 WHEREAS, Potential information security weaknesses within
17 those agencies, authorities, boards, commissions, councils,
18 departments and offices and the entities they license or
19 regulate can place critical State operations and programs at
20 risk for disruption, fraud and inappropriate disclosure of
21 health, financial and other sensitive data; and
22 WHEREAS, HR 351 of the 2005-2006 legislative session, adopted
23 July 1, 2005, established a select committee to investigate and
24 review policies, procedures and practices to determine if the
25 appropriate and necessary information security is in place in
26 the Commonwealth; and
27 WHEREAS, The select committee submitted a report of its
28 findings and recommendations to the House of Representatives on
29 November 28, 2006; and
30 WHEREAS, The select committee recommended that the House of
20070H0070R0369 - 2 -
1 Representatives extend the authority of the select committee for
2 one year to further investigate and review the policies,
3 procedures and practices currently in place in various
4 Commonwealth agencies, authorities, boards, commissions,
5 councils, departments and offices and the entities they license
6 or regulate to protect personal health, financial and other
7 sensitive data of the citizens of this Commonwealth; therefore
8 be it
9 RESOLVED, That the House of Representatives establish a
10 select committee to investigate and review the policies,
11 procedures and practices in place by the various Commonwealth
12 agencies, authorities, boards, commissions, councils,
13 departments and offices and the entities they license or
14 regulate to determine if they have appropriate and necessary
15 information security in place to:
16 (1) protect their information and information systems
17 from unauthorized access, use, disclosure, disruption,
18 modification or destruction;
19 (2) protect the confidentiality, integrity and
20 availability of that information and their information
21 systems;
22 (3) meet industry, public and private sector and Federal
23 best practices;
24 (4) meet all Federal and State laws and rules and
25 regulations;
26 (5) determine if authority has been properly delegated
27 to appropriate personnel in order to ensure compliance with
28 any information security programs and all Federal and State
29 laws;
30 (6) conduct regular risk assessments to assess and
20070H0070R0369 - 3 -
1 adjust any information security programs to meet current
2 threats;
3 (7) periodically test and evaluate information security
4 controls and techniques; and
5 (8) ensure that information security programs and all
6 Federal and State laws and regulations are effectively
7 implemented;
8 and be it further
9 RESOLVED, That the select committee consist of 30 members of
10 the House of Representatives, 17 members from the majority party
11 and 13 members from the minority party; and be it further
12 RESOLVED, That the Speaker of the House of Representatives
13 appoint 17 members of the House of Representatives, including
14 the chairman of the select committee, from the Consumer Affairs
15 Committee, the Commerce Committee, the Judiciary Committee, the
16 State Government Committee and the Intergovernmental Affairs
17 Committee; and be it further
18 RESOLVED, That the Minority Leader of the House of
19 Representatives appoint 13 members of the House of
20 Representatives from the Consumer Affairs Committee, the
21 Commerce Committee, the Judiciary Committee, the State
22 Government Committee and the Intergovernmental Affairs
23 Committee; and be it further
24 RESOLVED, That the select committee hold hearings, take
25 testimony and make its investigation at such places as it deems
26 necessary in this Commonwealth; and be it further
27 RESOLVED, That if the select committee determines that
28 testimony it is about to receive is of a confidential nature or
29 would disclose practices which, if made public, may compromise
30 security measures already in place or which may be put in place
20070H0070R0369 - 4 -
1 in the future, the select committee be permitted to close the
2 hearing to the public, but only for the duration of such
3 confidential or security sensitive testimony; and be it further
4 RESOLVED, That the ordinary and reasonable expenses incurred
5 by the select committee be paid from accounts under the control
6 of the Chief Clerk; and be it further
7 RESOLVED, That the select committee submit a report of its
8 findings together with its recommendations for any appropriate
9 legislation or other action to the House of Representatives not
10 later than November 30, 2008.
B6L82DMS/20070H0070R0369 - 5 -