PRINTER'S NO. 1919
No. 1266 Session of 2008
INTRODUCED BY PILEGGI, WONDERLING, CORMAN, WASHINGTON, MADIGAN, PIPPY, M. WHITE, WAUGH, KASUNIC, COSTA, TARTAGLIONE, TOMLINSON, WOZNIAK, GORDNER, BAKER, C. WILLIAMS, PUNT, PICCOLA, O'PAKE, ROBBINS, ORIE, ERICKSON, LAVALLE, FOLMER, RAFFERTY, KITCHEN, BRUBAKER, BROWNE, BOSCOLA AND RHOADES, APRIL 8, 2008
REFERRED TO COMMUNICATIONS AND TECHNOLOGY, APRIL 8, 2008
AN ACT 1 Amending the act of December 22, 2005 (P.L.474, No.94), entitled 2 "An act providing for the notification of residents whose 3 personal information data was or may have been disclosed due 4 to a security system breach; and imposing penalties," further 5 providing for notification of breach. 6 The General Assembly of the Commonwealth of Pennsylvania 7 hereby enacts as follows: 8 Section 1. Section 3 of the act of December 22, 2005 9 (P.L.474, No.94), known as the Breach of Personal Information 10 Notification Act, is amended by adding a subsection to read: 11 Section 3. Notification of breach. 12 * * * 13 (a.1) Notification by government entity.--If a State agency 14 or political subdivision is the subject of a breach of security 15 of the system, the State agency or political subdivision shall 16 provide notice of the breach of security of the system required 17 under subsection (a) within seven days following discovery of
1 the breach. Notification shall be provided to the Office of 2 Attorney General within three business days following discovery 3 of the breach. Notification shall occur regardless of the 4 existence of procedures and policies under section 7. 5 * * * 6 Section 2. The act is amended by adding a section to read: 7 Section 3.1. Investigation of breach involving a government 8 entity. 9 (a) Investigation.--Upon receipt of notification under 10 section 3(a.1), the Office of Attorney General shall investigate 11 the breach. The investigation shall include a review of 12 procedures, a determination of the cause of the breach and 13 recommendations to the agency relating to prevention of similar 14 breaches in the future. 15 (b) Cost.--The cost of the investigation shall be paid by 16 the agency in which the breach occurred. 17 Section 3. This act shall take effect in 60 days. D1L12RLE/20080S1266B1919 - 2 -