Posted: | October 10, 2017 09:24 AM |
---|---|
From: | Representative Brian L. Ellis |
To: | All House members |
Subject: | Amending Breach of Personal Information Notification Act – Data Breaches |
I am preparing to introduce legislation that will amend the Breach of Personal Information Notification Act (BPINA). My bill is part of a package with Rep. Driscoll who is amending the Credit Reporting Agency Act. This legislation package will add further protections to assist our constituents when there is a data breach More than 5.4 million Pennsylvanians had their personal information compromised during the Equifax data breach. But Equifax isn’t the only company to have a breach that had affected our constituents, so it is time to place safeguards to protect and help consumers if another breach occurs. Specifically, my bill will require notification of a breach from the entity where the breach occurred to the affected consumer. The notification would include the date the breach occurred, the type of information subject to the breach, a toll-free number and the address of credit reporting agencies. This notice would have to be made available within 30 days of the breach of the system. Additionally, an entity with a breach would have to notify the state attorney general’s office. The entities must also develop policies to safeguard and discard personal consumer information. In addition, if a state agency, under the Governor’s jurisdiction, has a breach they must report the breach to the Governor’s Office of Administration as soon as possible. If a county, municipality or school district has a breach, they must report the breach to their county district attorney without a delay. Finally, under my legislation, the entities must also develop policies to safeguard and discard personal information. I hope that you will join me by cosponsoring this legislation. |
Introduced as HB1846