| |
|
| |
| THE GENERAL ASSEMBLY OF PENNSYLVANIA |
| |
| HOUSE RESOLUTION |
|
| |
| |
| INTRODUCED BY PRESTON, GODSHALL, BRENNAN, KORTZ, BAKER, BARRAR, BEYER, BOYD, CALTAGIRONE, FAIRCHILD, GEORGE, GROVE, KIRKLAND, KOTIK, MILNE, SIPTROTH, SOLOBAY, VULAKOVICH AND WALKO, FEBRUARY 2, 2009 |
| |
| |
| REFERRED TO COMMITTEE ON CONSUMER AFFAIRS, FEBRUARY 2, 2009 |
| |
| |
| |
| A RESOLUTION |
| |
1 | Establishing a select committee to investigate and review the |
2 | policies, procedures and practices in place by the various |
3 | Commonwealth agencies, authorities, boards, commissions, |
4 | councils, departments and offices and the entities they |
5 | license or regulate to protect the personal health, financial |
6 | and other sensitive data of the citizens of this |
7 | Commonwealth. |
8 | WHEREAS, Identity theft is one of the fastest growing crimes |
9 | in this nation, causing more than $2 billion in losses to |
10 | consumers, businesses and government bodies in this |
11 | Commonwealth; and |
12 | WHEREAS, The General Assembly is committed to the protection |
13 | of the personal health, financial and other sensitive data of |
14 | the residents of this Commonwealth; and |
15 | WHEREAS, The dramatic increase in computer interconnectivity |
16 | and Internet usage are changing the way this Commonwealth and |
17 | this nation are communicating and conducting business; and |
18 | WHEREAS, Without proper safeguards, this interconnectivity |
19 | poses tremendous risks that make it easier for individuals and |
|
1 | groups to gain access to improperly protected systems within |
2 | Commonwealth agencies, authorities, boards, commissions, |
3 | councils, departments and offices and the entities they license |
4 | or regulate; and |
5 | WHEREAS, Those agencies, authorities, boards, commissions, |
6 | councils, departments and offices and the entities they license |
7 | or regulate have critical facilities that support the |
8 | processing, storage and transmission of personal health, |
9 | financial and other sensitive data; and |
10 | WHEREAS, The public's trust and confidence that those |
11 | agencies, authorities, boards, commissions, councils, |
12 | departments and offices and the entities they license or |
13 | regulate are protecting personal health, financial and other |
14 | sensitive data is critical to carrying out the mission and laws |
15 | of this Commonwealth; and |
16 | WHEREAS, Potential information security weaknesses within |
17 | those agencies, authorities, boards, commissions, councils, |
18 | departments and offices and the entities they license or |
19 | regulate can place critical State operations and programs at |
20 | risk for disruption, fraud and inappropriate disclosure of |
21 | health, financial and other sensitive data; and |
22 | WHEREAS, HR 70 of the 2007-2008 legislative session, adopted |
23 | March 21, 2007, established a select committee to investigate |
24 | and review policies, procedures and practices to determine if |
25 | the appropriate and necessary information security is in place |
26 | in the Commonwealth; and |
27 | WHEREAS, The select committee submitted a report of its |
28 | findings and recommendations to the House of Representatives on |
29 | November 24, 2008; and |
30 | WHEREAS, The select committee recommended that the House of |
|
1 | Representatives extend the authority of the select committee for |
2 | the 2009-2010 legislative session to further investigate and |
3 | review the policies, procedures and practices currently in place |
4 | in various Commonwealth agencies, authorities, boards, |
5 | commissions, councils, departments and offices and the entities |
6 | they license or regulate to protect personal health, financial |
7 | and other sensitive data of the citizens of this Commonwealth; |
8 | therefore be it |
9 | RESOLVED, That the House of Representatives establish a |
10 | select committee to investigate and review the policies, |
11 | procedures and practices in place by the various Commonwealth |
12 | agencies, authorities, boards, commissions, councils, |
13 | departments and offices and the entities they license or |
14 | regulate to determine if they have appropriate and necessary |
15 | information security in place to: |
16 | (1) protect their information and information systems |
17 | from unauthorized access, use, disclosure, disruption, |
18 | modification or destruction; |
19 | (2) protect the confidentiality, integrity and |
20 | availability of that information and their information |
21 | systems; |
22 | (3) meet industry, public and private sector and Federal |
23 | best practices; |
24 | (4) meet all Federal and State laws and rules and |
25 | regulations; |
26 | (5) determine if authority has been properly delegated |
27 | to appropriate personnel in order to ensure compliance with |
28 | any information security programs and all Federal and State |
29 | laws; |
30 | (6) conduct regular risk assessments to assess and |
|
1 | adjust any information security programs to meet current |
2 | threats; |
3 | (7) periodically test and evaluate information security |
4 | controls and techniques; and |
5 | (8) ensure that information security programs and all |
6 | Federal and State laws and regulations are effectively |
7 | implemented; |
8 | and be it further |
9 | RESOLVED, That the select committee consist of 30 members of |
10 | the House of Representatives, 17 members from the majority party |
11 | and 13 members from the minority party; and be it further |
12 | RESOLVED, That the Speaker of the House of Representatives |
13 | appoint 17 members of the House of Representatives, including |
14 | the chairman of the select committee, from the Consumer Affairs |
15 | Committee, the Commerce Committee, the Judiciary Committee, the |
16 | State Government Committee and the Intergovernmental Affairs |
17 | Committee; and be it further |
18 | RESOLVED, That the Minority Leader of the House of |
19 | Representatives appoint 13 members of the House of |
20 | Representatives from the Consumer Affairs Committee, the |
21 | Commerce Committee, the Judiciary Committee, the State |
22 | Government Committee and the Intergovernmental Affairs |
23 | Committee; and be it further |
24 | RESOLVED, That the select committee hold hearings, take |
25 | testimony and make its investigation at such places as it deems |
26 | necessary in this Commonwealth; and be it further |
27 | RESOLVED, That if the select committee determines that |
28 | testimony it is about to receive is of a confidential nature or |
29 | would disclose practices which, if made public, may compromise |
30 | security measures already in place or which may be put in place |
|
1 | in the future, the select committee be permitted to close the |
2 | hearing to the public, but only for the duration of such |
3 | confidential or security sensitive testimony; and be it further |
4 | RESOLVED, That the ordinary and reasonable expenses incurred |
5 | by the select committee be paid from accounts under the control |
6 | of the Chief Clerk; and be it further |
7 | RESOLVED, That the select committee submit a report of its |
8 | findings together with its recommendations for any appropriate |
9 | legislation or other action to the House of Representatives not |
10 | later than November 30, 2010. |
|