07/20/2024 02:54 PM
Pennsylvania House of Representatives

House Co-Sponsorship Memoranda


House of Representatives
Session of 2015 - 2016 Regular Session


Posted: February 25, 2016 12:34 PM
From: Representative W. Curtis Thomas
To: All House members
Subject: Cybersecurity breach notification update
In the near future, I plan to introduce legislation that would set a 30-day timeframe in Pennsylvania’s Breach of Personal Information Notification Act (P.L. 474, No. 94 of 2005) and that would require that notice of a breach be provided to the Pennsylvania Office of Attorney General.

In 2005, Pennsylvania enacted the Breach of Personal Information Notification Act to address breaches in the management of computerized personal information by an unauthorized user. At the time, it was believed that this new law would protect citizens by requiring any entity that stores this data to alert the individual of the breach “without unreasonable delay.”

Last session, following reports of breaches in cybersecurity that filled national headlines, I sponsored House Resolution (HR 778) that called on the Joint State Government Commission to take a closer look at Pennsylvania’s laws surrounding this issue. One of the recommendations was to modernize Act 94 of 2005, because we were now 10 years out from its initial enactment and technology has changed and advanced.

This proposed legislation is based on one of the Commission’s recommendations and is meant to address what they suggested was a “generic phrase” by making changes to the language. These changes will not only provide Commonwealth offices and agencies with flexibility, but also clarify when notification must be provided to consumers.

The Commonwealth and its agencies regularly collect and possess, through various state programs and routine administrative activities, sensitive personal information about residents of Pennsylvania. As the Commission points out in its 2015 report on Cybersecurity, while Pennsylvania has not yet experienced a major breach, for state offices and agencies, as for all entities that electronically collect and store personal data, the question becomes not whether a breach will occur, but when. This legislation is one step toward increasing Pennsylvania’s diligence in regard to cybersecurity and ensuring that consumers are notified as quickly as possible, so that they can protect their online personal data.

Please join me in co-sponsoring this legislation.


Introduced as HB1911