Vulakovich Bill Requires Expeditious Reporting of Personal Data Breaches

State Senator Randy Vulakovich (R-38) has introduced Senate Bill 1048 that would require expeditious public notification by state agencies and local governments of data breaches involving personal information.

Current law requires public notification of such incidents “without unreasonable delay.” Senator Vulakovich’s bill, which is similar to Senate Bill 114 from last session, sets a specific one-week notification requirement for breaches involving state agencies and local governments.

“Cybersecurity is something we constantly read and hear about in the news.  Both government and the private sector are routinely dealing with ever-evolving threats from domestic and international hackers,” said Senator Vulakovich, a former municipal police officer and member of the Pennsylvania Commission on Crime and Delinquency. “It is important for the public to be notified as soon as possible when information security is compromised so they can take steps to protect themselves from identity theft.”

Numerous serious data breaches were reported in other states over the past few years. A hacker stole a database including 3.6 million Social Security numbers from South Carolina’s Department of Revenue. In Utah, hackers downloaded 780,000 Medicaid records. In Tennessee, a hacker group accessed 110,000 records including Social Security numbers from a school district computer system. Vulakovich believes this legislation will help Pennsylvania stay ahead of the curve on best practices for Cyber Security.

SB 1048 has been referred to the Senate Communications and Technology Committee where it awaits consideration.

Contact: Charlie O’Neill       (717) 787-6538

More information about state issues is available at Senator Vulakovich’s website, or on Facebook at