PRIOR PRINTER'S NO. 3346 | PRINTER'S NO. 3830 |
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE RESOLUTION
No. | 778 | Session of 2014 |
INTRODUCED BY THOMAS, MILLARD, COHEN, V. BROWN, BISHOP, READSHAW, SWANGER, D. COSTA, BROWNLEE, KINSEY, QUINN, DERMODY, DENLINGER AND DAVIDSON, APRIL 9, 2014
AS REPORTED FROM COMMITTEE ON COMMERCE, HOUSE OF REPRESENTATIVES, AS AMENDED, JUNE 24, 2014
A RESOLUTION
1Directing the Joint State Government Commission to conduct a
2comprehensive study on the Commonwealth's cyber security
3efforts and protocols to protect private information of our
4citizens.
5WHEREAS, The Commonwealth collects and possesses sensitive
6personal information about the residents of this Commonwealth
7through various State programs and routine administrative
8activities that are conducted by Commonwealth agencies and their
9contractors; and
10WHEREAS, Recent headlines in the news about third parties
11hacking into retail and private corporate computer systems and
12the resulting compromise of personal information about customers
13is a grave concern; and
14WHEREAS, It is necessary for the Commonwealth to be vigilant
15in protecting the personal information of its residents through
16adequate cyber security measures; and
17WHEREAS, The level of cyber security efforts and protocols in
18this Commonwealth needs to be determined to assess risk and to
1implement the best available safeguards of personal information;
2therefore be it
3RESOLVED, That the House of Representatives direct the Joint
4State Government Commission to conduct a comprehensive study on
5the extent to which all branches of the Commonwealth government,
6including their contractors and subcontractors, implement cyber
7security efforts and protocols directed at safeguarding the
8personal information of residents of this Commonwealth; and be
9it further
10RESOLVED, That the study review Statewide standards and
11protocols that serve as the framework for cyber security
12protection to determine:
13(1) whether or not these standards and protocols are in
14place for the myriad of State offices that exist throughout
15this Commonwealth; and
16(2) if funding and resources are sufficient to maintain
17and enhance security hardware, software, personnel and
18training to remain vigilant against evolving threats;
19and be it further
20RESOLVED, That the study review the coordination of State
21information technology personnel involved in cyber security,
22including:
23(1) whether or not they routinely examine the
24capabilities of the security systems to protect against cyber
25attacks;
26(2) safeguards and restrictions placed on inter-agency
27sharing of State data and information;
28(3) safeguards and restrictions placed on data and
29information sharing between State and local government
30agencies; and
1(4) if there are resources available for continuing
2education of the information technology personnel;
3and be it further
4RESOLVED, That the study review the Commonwealth's standards
5and protocols as they apply to private entities that contract
6with the State; and be it further
7RESOLVED, That the study review best practices in cyber
8security protection, including those used by Federal and other
9states' government; and be it further
10RESOLVED, That the study determine if the Commonwealth would
11benefit from routine peer reviews of its cyber security
12protections, including input solicited from academic and private
13sector experts; and be it further
14RESOLVED, That the study determine if current laws are
15adequate regarding public notification of data breaches,
16including privacy rights for residents of the Commonwealth, and
17the Commonwealth's strategic plan for cyber security and
18contingencies if a data breach occurs; and be it further
19RESOLVED, That the commission consult with the Governor's
20Office <-for Information Technology of Administration in preparing
21the study; and be it further
22RESOLVED, That the commission report its findings from the
23study to the General Assembly within one year of the adoption of
24this resolution.