PRINTER'S NO. 42
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL No. 35
Session of 2017
INTRODUCED BY THOMAS, JANUARY 23, 2017
REFERRED TO COMMITTEE ON COMMERCE, JANUARY 23, 2017
AN ACT
Amending the act of December 22, 2005 (P.L.474, No.94), entitled
"An act providing for the notification of residents whose
personal information data was or may have been disclosed due
to a security system breach; and imposing penalties,"
providing for disposal of materials containing personal
information.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. The act of December 22, 2005 (P.L.474, No.94),
known as the Breach of Personal Information Notification Act, is
amended by adding a section to read:
Section 5.1. Disposal of materials containing personal
information.
(a) Method of disposal.--A person shall dispose of material
containing personal information in a manner that renders the
personal information unreadable, unusable and undecipherable.
Proper disposal methods include, but are not limited to:
(1) Redaction, burning, pulverization or shredding of
paper documents so that personal information cannot
practicably be read or reconstructed.
(2) Destruction or erasure of electronic media and other
non-paper media so that personal information cannot
practicably be read or reconstructed.
(b) Third party contracts.--A person disposing of materials
containing personal information may contract with a third party
to dispose of the materials in accordance with this section. A
third party that contracts with a person to dispose of materials
containing personal information shall implement and monitor
compliance with policies and procedures that prohibit
unauthorized access to, acquisition of or use of personal
information during the collection, transportation and disposal
of materials containing personal information.
(c) Penalties.--A person, including a third party referenced
in subsection (b), who violates this section is subject to a
civil penalty of not more than $100 for each individual with
respect to whom personal information is disposed of in violation
of this section. A civil penalty may not, however, exceed
$50,000 for each instance of improper disposal of materials
containing personal information. The Attorney General may impose
a civil penalty after notice to the person accused of violating
this section and an opportunity for hearing. The Attorney
General may file a civil action in the appropriate court of
common pleas to recover a penalty imposed under this section.
(d) Action by Attorney General.--In addition to the
authority to impose a civil penalty under subsection (c), the
Attorney General may bring an action in the appropriate court of
common pleas to remedy a violation of this section, seeking any
appropriate relief.
(e) Exceptions.--A financial institution subject to 15
U.S.C. Ch. 94 (relating to privacy) or a person subject to 15
20170HB0035PN0042 - 2 -
U.S.C. § 1681w (relating to disposal of records) is exempt from
this section.
Section 2. This act shall take effect in 60 days.