PRINTER'S NO. 830
THE GENERAL ASSEMBLY OF PENNSYLVANIA
SENATE BILL
No.
753
Session of
2015
INTRODUCED BY KITCHEN, BREWSTER, TARTAGLIONE, FONTANA, HUGHES,
COSTA, YUDICHAK, WILLIAMS, RAFFERTY AND FARNESE, MAY 1, 2015
REFERRED TO COMMUNICATIONS AND TECHNOLOGY, MAY 1, 2015
AN ACT
Amending the act of December 22, 2005 (P.L.474, No.94), entitled
"An act providing for the notification of residents whose
personal information data was or may have been disclosed due
to a security system breach; and imposing penalties," further
providing for notification of breach.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. Section 3 of the act of December 22, 2005
(P.L.474, No.94), known as the Breach of Personal Information
Notification Act, is amended by adding a subsection to read:
Section 3. Notification of breach.
* * *
(d) Identity theft prevention and mitigation.--
(1) If the entity required to provide notification under
subsection (a) was the source of the breach, personal
information was exposed or may have been exposed by the
breach and the entity offers to provide appropriate identity
theft prevention and mitigation services, the services must
be provided at no cost to the affected individuals for not
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
less than 12 months.
(2) The notification:
(i) May include, at the discretion of the entity,
information about the action taken by the entity to
protect the individuals whose personal information has
been breached and steps that the individuals may take to
protect themselves.
(ii) Shall include all information necessary to
accept the offer.
Section 2. This act shall take effect in 60 days.
20150SB0753PN0830 - 2 -
1
2
3
4
5
6
7
8
9
10