|Posted:||October 10, 2017 09:24 AM|
|From:||Representative Brian L. Ellis|
|To:||All House members|
|Subject:||Amending Breach of Personal Information Notification Act – Data Breaches|
|I am preparing to introduce legislation that will amend the Breach of Personal Information Notification Act (BPINA). My bill is part of a package with Rep. Driscoll who is amending the Credit Reporting Agency Act. This legislation package will add further protections to assist our constituents when there is a data breach
More than 5.4 million Pennsylvanians had their personal information compromised during the Equifax data breach. But Equifax isn’t the only company to have a breach that had affected our constituents, so it is time to place safeguards to protect and help consumers if another breach occurs.
Specifically, my bill will require notification of a breach from the entity where the breach occurred to the affected consumer. The notification would include the date the breach occurred, the type of information subject to the breach, a toll-free number and the address of credit reporting agencies. This notice would have to be made available within 30 days of the breach of the system. Additionally, an entity with a breach would have to notify the state attorney general’s office. The entities must also develop policies to safeguard and discard personal consumer information.
In addition, if a state agency, under the Governor’s jurisdiction, has a breach they must report the breach to the Governor’s Office of Administration as soon as possible. If a county, municipality or school district has a breach, they must report the breach to their county district attorney without a delay.
Finally, under my legislation, the entities must also develop policies to safeguard and discard personal information.
I hope that you will join me by cosponsoring this legislation.
Introduced as HB1846