|Posted:||December 3, 2012 10:16 AM|
|From:||Senator Dominic Pileggi|
|To:||All Senate members|
|Subject:||Legislation Regarding Data Breaches|
|I plan to introduce legislation which would require state agencies to provide notice of data breaches involving personal information within one week. Under current law (Act 94 of 2005), such notice is required to be made “without unreasonable delay.”
Unfortunately, at least three separate thefts of state-owned computers containing personal information were reported in recent years. In two cases, both involving the Department of Public Welfare, the public was not notified until three weeks after the thefts. In the third case, the Department of Aging took two weeks to notify the public. I believe those are unreasonable delays.
The need for this legislation is even more apparent with the recent revelation that an international hacker accessed the records of approximately 4 million taxpayers in South Carolina.
This legislation would require that the Attorney General be notified by the state agency within three business days. It would also authorize the Attorney General to investigate every breach involving state agencies, and the local District Attorney to investigate breaches involving counties, municipalities or school districts.
This legislation will be similar to Senate Bill 162 (printer’s number 1568) from the 2011-12 legislative session, which passed the Senate unanimously but was not considered by the House.
Introduced as SB114