See other bills
under the
same topic 
                                                      PRINTER'S NO. 1919

THE GENERAL ASSEMBLY OF PENNSYLVANIA

SENATE BILL

No. 1266 Session of 2008 

        INTRODUCED BY PILEGGI, WONDERLING, CORMAN, WASHINGTON, MADIGAN,
           PIPPY, M. WHITE, WAUGH, KASUNIC, COSTA, TARTAGLIONE,
           TOMLINSON, WOZNIAK, GORDNER, BAKER, C. WILLIAMS, PUNT,
           PICCOLA, O'PAKE, ROBBINS, ORIE, ERICKSON, LAVALLE, FOLMER,
           RAFFERTY, KITCHEN, BRUBAKER, BROWNE, BOSCOLA AND RHOADES,
           APRIL 8, 2008

        REFERRED TO COMMUNICATIONS AND TECHNOLOGY, APRIL 8, 2008

                                     AN ACT

     1  Amending the act of December 22, 2005 (P.L.474, No.94), entitled
     2     "An act providing for the notification of residents whose
     3     personal information data was or may have been disclosed due
     4     to a security system breach; and imposing penalties," further
     5     providing for notification of breach.

     6     The General Assembly of the Commonwealth of Pennsylvania
     7  hereby enacts as follows:
     8     Section 1.  Section 3 of the act of December 22, 2005
     9  (P.L.474, No.94), known as the Breach of Personal Information
    10  Notification Act, is amended by adding a subsection to read:
    11  Section 3.  Notification of breach.
    12     * * *
    13     (a.1)  Notification by government entity.--If a State agency
    14  or political subdivision is the subject of a breach of security
    15  of the system, the State agency or political subdivision shall
    16  provide notice of the breach of security of the system required
    17  under subsection (a) within seven days following discovery of


     1  the breach. Notification shall be provided to the Office of
     2  Attorney General within three business days following discovery
     3  of the breach. Notification shall occur regardless of the
     4  existence of procedures and policies under section 7.
     5     * * *
     6     Section 2.  The act is amended by adding a section to read:
     7  Section 3.1.  Investigation of breach involving a government
     8                 entity.
     9     (a)  Investigation.--Upon receipt of notification under
    10  section 3(a.1), the Office of Attorney General shall investigate
    11  the breach. The investigation shall include a review of
    12  procedures, a determination of the cause of the breach and
    13  recommendations to the agency relating to prevention of similar
    14  breaches in the future.
    15     (b)  Cost.--The cost of the investigation shall be paid by
    16  the agency in which the breach occurred.
    17     Section 3.  This act shall take effect in 60 days.









    D1L12RLE/20080S1266B1919         - 2 -