PRINTER'S NO. 40
THE GENERAL ASSEMBLY OF PENNSYLVANIA
HOUSE BILL
No.
33
Session of
2017
INTRODUCED BY THOMAS, SCHLOSSBERG, ROZZI, DRISCOLL, BIZZARRO,
V. BROWN AND SOLOMON, JANUARY 23, 2017
REFERRED TO COMMITTEE ON COMMERCE, JANUARY 23, 2017
AN ACT
Amending the act of December 22, 2005 (P.L.474, No.94), entitled
"An act providing for the notification of residents whose
personal information data was or may have been disclosed due
to a security system breach; and imposing penalties," further
providing for notification of breach.
The General Assembly of the Commonwealth of Pennsylvania
hereby enacts as follows:
Section 1. Section 3 of the act of December 22, 2005
(P.L.474, No.94), known as the Breach of Personal Information
Notification Act, is amended to read:
Section 3. Notification of breach.
(a) General rule.--An entity that maintains, stores or
manages computerized data that includes personal information
shall provide notice of any breach of the security of the system
following discovery of the breach of the security of the system
to any resident of this Commonwealth whose unencrypted and
unredacted personal information was or is reasonably believed to
have been accessed and acquired by an unauthorized person.
Notice shall also be provided to the Attorney General and the
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19