|Posted:||March 27, 2019 09:16 AM|
|From:||Representative Jonathan Fritz|
|To:||All House members|
|Subject:||Amending Breach of Personal Information Notification Act – Data Breaches|
|I am preparing to introduce legislation that will amend the Breach of Personal Information Notification Act (BPINA). This legislation will add further protections to help safeguard our constituents when there is a data breach.
More than 5.4 million Pennsylvanians had their personal information compromised during Equifax's 2017 data breach. But Equifax isn’t the only company to have had a breach that affected our constituents. This story occurs almost daily across the commonwealth and country.
Specifically, my bill will require notification of a breach from the entity where the breach occurred to the affected consumer. The notification would include the date the breach occurred, the type of information subject to the breach, a toll-free number and the address of credit reporting agencies. This notice would have to be made available within 30 days of the breach of the system. Additionally, an entity with a breach would have to notify the state attorney general’s office. The entities must also develop policies to safeguard and discard personal consumer information.
In addition, if a state agency, under the Governor’s jurisdiction, has a breach they must report the breach to the Governor’s Office of Administration as soon as possible. If a county, municipality or school district has a breach, they must report the breach to their county district attorney without a delay.
I hope that you will join me by cosponsoring this legislation.
Introduced as HB1181