THE SENATE |
S.R. NO. |
41 |
TWENTY-EIGHTH LEGISLATURE, 2015 |
S.D. 1 |
|
STATE OF HAWAII |
|
|
|
|
|
|
||
|
SENATE RESOLUTION
REQUESTING THE INFORMATION PRIVACY AND SECURITY COUNCIL, IN COOPERATION WITH THE state CHIEF INFORMATION OFFICER council, TO ASSESS EXISTING PROCEDURES OF NOTIFICATION FOLLOWING THE BREACH OF PERSONAL INFORMATION.
WHEREAS, individual personal information is increasingly stored online or in electronic format; and
WHEREAS, chapter 487N, Hawaii Revised Statutes, sets outs procedures for state and county government agencies to report to the Legislature certain information after discovery of a security breach; and
WHEREAS, the information required to be reported includes information relating to the nature of the breach, the number of individuals affected by the breach, a copy of the notice of security breach that was issued, the number of individuals to whom the notice was sent, whether the notice was delayed due to law enforcement considerations, and any procedures that have been implemented to prevent the breach from reoccurring; and
WHEREAS, chapter 487N, Hawaii Revised Statutes, also establishes the Information Privacy and Security Council, which is tasked with reviewing annual reports on personal information systems from government agencies and noting findings, significant trends, and recommendations to protect personal information used by government agencies; and
WHEREAS, despite statutory requirements for notice to be provided and ongoing efforts by the Information Privacy and Security Council to make recommendations to protect personal information used by government agencies, this body finds that further improvements to the notification process are necessary; now, therefore,
BE IT RESOLVED by the Senate of the Twenty-eighth Legislature of the State of Hawaii, Regular Session of 2015, that the Information Privacy and Security Council, in cooperation with the State Chief Information Officer Council, is requested to assess the means by which state and county agencies generally notify individuals following a breach of personal information; and
BE IT FURTHER RESOLVED that the Information Privacy and Security Council, in cooperation with the State Chief Information Officer Council, is requested to research and provide a report to the Legislature with its findings to include:
(1) Notification procedures currently followed when contacting and notifying an individual about the breach of personal information, particularly when the personal information is stored or accessible online;
(2) Software or other electronic programs generally used that foster improvement of personal information protection; and
(3) Recommendations of amended or new methods to more securely and promptly provide notification; and
BE IT FURTHER RESOLVED that the Information Privacy and Security Council is requested to submit a report of findings and recommendations, including any proposed legislation, to the Legislature no later than twenty days prior to the convening of the Regular Session of 2016; and
BE IT FURTHER RESOLVED that a certified copy of this Resolution be transmitted to the Chief Information Officer.
Office of Information Management and Technology; Personal Information; Data Breach; Working Group; Establishment