|In the near future I plan to re-introduce HB 1548 of last session to amend P.L. 474, No.94 known as the Breach of Personal Information Act. Passed in 2005, the Act provides for the notification of residents whose personal identifiable information was or may have been disclosed due to a security system breach.
The purpose of our amendment is to strengthen the provisions of the current Act by:
- Updating the definition of personally identifiable information
- Revising requirements for state agencies, the Judiciary and the Legislature to notify affected individuals and supervisory and law enforcement officials in the event of a breach of personally identifiable information
- Adding protections and remedies for residents of the Commonwealth in the event of a data breach
- Assigning responsibilities for developing policies to reduce the risk of future data breaches
The definition of personally identifiable information is updated to include health and medical information, educational records, religious information, biometric markers, data that would permit access to an on-line account, and certain socioeconomic data.
Additionally, if a State agency or political subdivision of the Commonwealth is subject to a breach of the security of the system, the amendment provides for faster notifications to the heads of the entities and senior law enforcement officials.
The amendment specifies that notice be delivered in a clear and easy to follow format. The notice will contain specific provisions helpful to those potentially affected by the breach, including what steps are being taken to protect the individuals whose personal information is the subject of the breach; advice on what steps the individual may take on their own; contact information for major credit reporting agencies; and an offer by the state entity responsible for the database’s security to provide 12 months free credit reporting, credit protection and identity theft protection.
Please join me in strengthening our notification procedures in the event of a breach of databases containing our personal information by co-sponsoring this legislation.