|Posted:||January 4, 2019 12:09 PM|
|From:||Representative Thomas P. Murt|
|To:||All House members|
|Subject:||Data Breach Notification (Prior HB 848)|
|I plan to reintroduce legislation which would require state agencies and municipalities to provide notice of data breaches involving personal information within one week. Under current law (Act 94 of 2005), such notice is required to be made “without necessary delay.”
Unfortunately, at least three separate thefts of state-owned computers containing personal information were reported in recent years. In two cases, both involving the Department of Human Services, the public was not notified until three weeks after the thefts. In the third case, the Department of Aging took two weeks to notify the public. I believe those are unreasonable delays.
This legislation amends the Breach of Personal Information Notification Act by adding a specific timeframe in which notifications of a breach of a state or local governmental agency’s data must be made. It specifically requires that, following the discovery of a breach a state agency shall notify PA residents subject to that breach within seven days. A state agency shall notify the Office of the Attorney General within 3 business days;
Introduced as HB662