Pennsylvania House of Representatives

House Co-Sponsorship Memoranda


House of Representatives
Session of 2015 - 2016 Regular Session


Posted: February 25, 2016 12:41 PM
From: Representative W. Curtis Thomas
To: All House members
Subject: Update definition of personal information data in PA Breach of Personal Information Notification Act
In the near future, I plan to introduce legislation that would expand the definition of Personal Information in Pennsylvania’s Breach of Personal Information Notification Act (P.L. 474, No. 94 of 2005) to bring Pennsylvania in line with how the federal government and some other states define personal information.

Last session, following reports of breaches in cybersecurity that filled national headlines, I sponsored House Resolution 778 that called on the Joint State Government Commission to take a closer look at Pennsylvania’s laws surrounding this issue. One of the recommendations from the Commission was to “modernize” the 2005 law to reflect a more modern understanding of cybersecurity.

In 2005, Pennsylvania enacted the Breach of Personal Information Notification Act to address breaches in the management of computerized personal information by an unauthorized user. Current law defines personal information as “An individual’s first name or first initial and last name in combination with and linked to any one or more of the following data elements when the data elements are not encrypted or redacted: Social Security number; driver’s license number or a state identification card number; or financial account number, credit or debit card, in combination with any required security code, access code or password.”

My proposed legislation, which is based on a Commission recommendation and follows the National Institute of Standards and Technology (NIST), more broadly defines personal information to include information that could be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records, as well as information that is linked or linkable to an individual, such as medical, educational, financial and employment information. This includes such new additions as passport numbers, taxpayer identification numbers, insurance member numbers, an alias, electronic account information, Internet Protocol or Media Access Control address, biometric data (such as a fingerprint, facial scan, or voice signature, for example) and digitized or other electronic signatures.

The Commonwealth and its agencies regularly collect and possess, through various state programs and routine administrative activities, sensitive personal information about residents of Pennsylvania. This legislation is one step toward increasing Pennsylvania’s diligence in regard to cybersecurity and protecting Pennsylvanians.

Please join me in co-sponsoring this legislation.


Introduced as HB1910