Test Drive Our New Site! We have some improvements in the works that we're excited for you to experience. Click here to try our new, faster, mobile friendly beta site. We will be maintaining our current version of the site thru mid 2025, so you can switch back as our improvements continue.
Legislation Quick Search
12/03/2024 03:31 AM
Pennsylvania House of Representatives
https://www.legis.state.pa.us/cfdocs/Legis/CSM/showMemoPublic.cfm?chamber=H&SPick=20150&cosponId=16164
Share:
Home / House Co-Sponsorship Memoranda

House Co-Sponsorship Memoranda

Subscribe to PaLegis Notifications
NEW!

Subscribe to receive notifications of new Co-Sponsorship Memos circulated

By Member | By Date | Keyword Search


House of Representatives
Session of 2015 - 2016 Regular Session

MEMORANDUM

Posted: December 23, 2014 10:10 AM
From: Representative Thomas P. Murt
To: All House members
Subject: Data Breach Notification
 
I plan to introduce legislation which would require state agencies and municipalities to provide notice of data breaches involving personal information within one week. Under current law (Act 94 of 2005), such notice is required to be made “without necessary delay.”

Unfortunately, at least three separate thefts of state-owned computers containing personal information were reported in recent years. In two cases, both involving the Department of Public Welfare, the public was not notified until three weeks after the thefts. In the third case, the Department of Aging took two weeks to notify the public. I believe those are unreasonable delays.

This legislation amends the Breach of Personal Information Notification Act by adding a specific timeframe in which notifications of a breach of a state or local governmental agency’s data must be made. It specifically requires that, following the discovery of a breach: a state agency shall notify PA residents subject to that breach within 7 days;

  • a state agency shall notify the Office of the Attorney General within 3 business days;
  • a state agency under the Governor’s jurisdiction shall notify the Office of Administration within 3 business days;
  • a county, municipality, or school district shall notify PA residents subject to that breach within 7 days; and
  • a county, municipality, or school district shall notify the district attorney in the county where the breach occurred within 3 business days.

The bill further requires the Office of Administration to develop a storage policy, for those state agencies under the Governor’s jurisdiction, that will help reduce the risk of future breaches. The bill specifies that the storage policy must be consistent with other controlling federal or state law or regulation regarding access to data.




Introduced as HB668