PRINTER'S NO. 369

THE GENERAL ASSEMBLY OF PENNSYLVANIA


HOUSE RESOLUTION

No. 70 Session of 2007


        INTRODUCED BY PRESTON, GODSHALL, ADOLPH, BAKER, BOYD, BRENNAN,
           CALTAGIRONE, CLYMER, ELLIS, FAIRCHILD, GEORGE, GERGELY,
           HARHAI, KIRKLAND, KOTIK, MANN, McGEEHAN, PALLONE, RAMALEY,
           READSHAW, REICHLEY, SAINATO, SIPTROTH, SOLOBAY, STAIRS,
           THOMAS AND YOUNGBLOOD, FEBRUARY 9, 2007

        REFERRED TO COMMITTEE ON CONSUMER AFFAIRS, FEBRUARY 9, 2007

                                  A RESOLUTION

     1  Establishing a select committee to investigate and review the
     2     policies, procedures and practices in place by the various
     3     Commonwealth agencies, authorities, boards, commissions,
     4     councils, departments and offices and the entities they
     5     license or regulate to protect the personal health, financial
     6     and other sensitive data of the citizens of this
     7     Commonwealth.

     8     WHEREAS, Identity theft is one of the fastest growing crimes
     9  in the nation, causing more than $2 billion in losses to
    10  consumers, businesses and government bodies in this
    11  Commonwealth; and
    12     WHEREAS, The General Assembly is committed to the protection
    13  of the personal health, financial and other sensitive data of
    14  the residents of this Commonwealth; and
    15     WHEREAS, The dramatic increase in computer interconnectivity
    16  and Internet usage are changing the way the Commonwealth and the
    17  nation are communicating and conducting business; and
    18     WHEREAS, Without proper safeguards, this interconnectivity
    19  poses tremendous risks that make it easier for individuals and

     1  groups to gain access to improperly protected systems within
     2  Commonwealth agencies, authorities, boards, commissions,
     3  councils, departments and offices and the entities they license
     4  or regulate; and
     5     WHEREAS, Those agencies, authorities, boards, commissions,
     6  councils, departments and offices and the entities they license
     7  or regulate have critical facilities that support the
     8  processing, storage and transmission of personal health,
     9  financial and other sensitive data; and
    10     WHEREAS, The public's trust and confidence that those
    11  agencies, authorities, boards, commissions, councils,
    12  departments and offices and the entities they license or
    13  regulate are protecting personal health, financial and other
    14  sensitive data is critical to carrying out the mission and laws
    15  of this Commonwealth; and
    16     WHEREAS, Potential information security weaknesses within
    17  those agencies, authorities, boards, commissions, councils,
    18  departments and offices and the entities they license or
    19  regulate can place critical State operations and programs at
    20  risk for disruption, fraud and inappropriate disclosure of
    21  health, financial and other sensitive data; and
    22     WHEREAS, HR 351 of the 2005-2006 legislative session, adopted
    23  July 1, 2005, established a select committee to investigate and
    24  review policies, procedures and practices to determine if the
    25  appropriate and necessary information security is in place in
    26  the Commonwealth; and
    27     WHEREAS, The select committee submitted a report of its
    28  findings and recommendations to the House of Representatives on
    29  November 28, 2006; and
    30     WHEREAS, The select committee recommended that the House of
    20070H0070R0369                  - 2 -     

     1  Representatives extend the authority of the select committee for
     2  one year to further investigate and review the policies,
     3  procedures and practices currently in place in various
     4  Commonwealth agencies, authorities, boards, commissions,
     5  councils, departments and offices and the entities they license
     6  or regulate to protect personal health, financial and other
     7  sensitive data of the citizens of this Commonwealth; therefore
     8  be it
     9     RESOLVED, That the House of Representatives establish a
    10  select committee to investigate and review the policies,
    11  procedures and practices in place by the various Commonwealth
    12  agencies, authorities, boards, commissions, councils,
    13  departments and offices and the entities they license or
    14  regulate to determine if they have appropriate and necessary
    15  information security in place to:
    16         (1)  protect their information and information systems
    17     from unauthorized access, use, disclosure, disruption,
    18     modification or destruction;
    19         (2)  protect the confidentiality, integrity and
    20     availability of that information and their information
    21     systems;
    22         (3)  meet industry, public and private sector and Federal
    23     best practices;
    24         (4)  meet all Federal and State laws and rules and
    25     regulations;
    26         (5)  determine if authority has been properly delegated
    27     to appropriate personnel in order to ensure compliance with
    28     any information security programs and all Federal and State
    29     laws;
    30         (6)  conduct regular risk assessments to assess and
    20070H0070R0369                  - 3 -     

     1     adjust any information security programs to meet current
     2     threats;
     3         (7)  periodically test and evaluate information security
     4     controls and techniques; and
     5         (8)  ensure that information security programs and all
     6     Federal and State laws and regulations are effectively
     7     implemented;
     8  and be it further
     9     RESOLVED, That the select committee consist of 30 members of
    10  the House of Representatives, 17 members from the majority party
    11  and 13 members from the minority party; and be it further
    12     RESOLVED, That the Speaker of the House of Representatives
    13  appoint 17 members of the House of Representatives, including
    14  the chairman of the select committee, from the Consumer Affairs
    15  Committee, the Commerce Committee, the Judiciary Committee, the
    16  State Government Committee and the Intergovernmental Affairs
    17  Committee; and be it further
    18     RESOLVED, That the Minority Leader of the House of
    19  Representatives appoint 13 members of the House of
    20  Representatives from the Consumer Affairs Committee, the
    21  Commerce Committee, the Judiciary Committee, the State
    22  Government Committee and the Intergovernmental Affairs
    23  Committee; and be it further
    24     RESOLVED, That the select committee hold hearings, take
    25  testimony and make its investigation at such places as it deems
    26  necessary in this Commonwealth; and be it further
    27     RESOLVED, That if the select committee determines that
    28  testimony it is about to receive is of a confidential nature or
    29  would disclose practices which, if made public, may compromise
    30  security measures already in place or which may be put in place
    20070H0070R0369                  - 4 -     

     1  in the future, the select committee be permitted to close the
     2  hearing to the public, but only for the duration of such
     3  confidential or security sensitive testimony; and be it further
     4     RESOLVED, That the ordinary and reasonable expenses incurred
     5  by the select committee be paid from accounts under the control
     6  of the Chief Clerk; and be it further
     7     RESOLVED, That the select committee submit a report of its
     8  findings together with its recommendations for any appropriate
     9  legislation or other action to the House of Representatives not
    10  later than November 30, 2008.














    B6L82DMS/20070H0070R0369         - 5 -
See other bills
under the
same topic