HARRISBURG – The House State Government Committee has sent to the full House of Representatives for consideration Sen. Dan Laughlin’s legislation that would require state agencies to notify victims of a data breach within one week.
“As we are now all well aware, information security is an endless battle,” said Laughlin (R-49). “Pennsylvania state government a big target for them, with prime examples being last year’s Insight Global data breach that exposed COVID-19 contact tracing data and the personal information of some 72,000 Pennsylvanians, and the more recent data breach that has been impacting many unemployment compensation claimants who had bank account information changed within their accounts allowing criminals to steal their jobless benefits.”
Under Senate Bill 696, any state agency, county, municipality, public school or third-party vendor that conducts business with a state or local agency that experiences a data breach would be required to provide notice of the breach to affected victims within seven days of determination.
“Accomplished hackers are smart, and they are sophisticated when it comes to technology. They enjoy the challenge of matching wits with the technicians charged with providing IT security for government, corporations and financial institutions,” Laughlin said. “That’s what makes Senate Bill 696 so important. We can only hope that the hard work of the state’s IT professionals will be effective in protecting our systems, but we must be ready to immediately respond in the event of a breach.”
The measure would also require the state’s Attorney General to be notified concurrently of the breach that occurs in a state agency. A county’s district attorney would be notified within three business days if the breach occurred in a county, school district or municipality.
“It is understandable that any agency victimized by a data breach would be embarrassed and reluctant to publicly report the incident, but it is certainly much more important to immediately inform citizens about the theft of their personal information so that they can take steps to protect their assets,” said Laughlin. “Pennsylvania’s recent experience with data breaches clearly shows the need for the state to act quickly to protect its citizens when a data breach occurs.”
Contact: David Kozak 717-787-8927