(2) Destruction or erasure of electronic media and other
non-paper media so that personal information cannot
practicably be read or reconstructed.
(b) Third party contracts.-- A person disposing of materials
containing personal information may contract with a third party
to dispose of the materials in accordance with this section. A
third party that contracts with a person to dispose of materials
containing personal information shall implement and monitor
compliance with policies and procedures that prohibit
unauthorized access to, acquisition of or use of personal
information during the collection, transportation and disposal
of materials containing personal information.
(c) Penalties.--A person , including a third party referenced
in subsection (b), who violates this section is subject to a
civil penalty of not more than $100 for each individual with
respect to whom personal information is disposed of in violation
of this section. A civil penalty may not, however, exceed
$50,000 for each instance of improper disposal of materials
containing personal information. The Attorney General may impose
a civil penalty after notice to the person accused of violating
this section and an opportunity for hearing. The Attorney
General may file a civil action in the appropriate court of
common pleas to recover a penalty imposed under this section.
(d) Action by Attorney General.-- In addition to the
authority to impose a civil penalty under subsection (c), the
Attorney General may bring an action in the appropriate court of
common pleas to remedy a violation of this section, seeking any
appropriate relief.
(e) Exceptions.--A financial institution subject to 15
U.S.C. Ch. 94 (relating to privacy) or a person subject to 15
20170HB0035PN0042 - 2 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30