Bill Text: PA SB155 | 2009-2010 | Regular Session | Introduced


Bill Title: Further providing for notification of breach.

Spectrum: Slight Partisan Bill (Republican 22-11)

Status: (Engrossed - Dead) 2009-04-03 - Referred to STATE GOVERNMENT [SB155 Detail]

Download: Pennsylvania-2009-SB155-Introduced.html

  

 

    

PRINTER'S NO.  125

  

THE GENERAL ASSEMBLY OF PENNSYLVANIA

  

SENATE BILL

 

No.

155

Session of

2009

  

  

INTRODUCED BY PILEGGI, WONDERLING, FOLMER, KITCHEN, ROBBINS, TARTAGLIONE, STOUT, TOMLINSON, YAW, ORIE, EARLL, BOSCOLA, LOGAN, FONTANA, BAKER, KASUNIC, GORDNER, RAFFERTY, ERICKSON, O'PAKE, VANCE, WOZNIAK, ALLOWAY, PICCOLA, CORMAN AND BRUBAKER, JANUARY 30, 2009

  

  

REFERRED TO COMMUNICATIONS AND TECHNOLOGY, JANUARY 30, 2009  

  

  

  

AN ACT

  

1

Amending the act of December 22, 2005 (P.L.474, No.94), entitled

2

"An act providing for the notification of residents whose

3

personal information data was or may have been disclosed due

4

to a security system breach; and imposing penalties," further

5

providing for notification of breach.

6

The General Assembly of the Commonwealth of Pennsylvania

7

hereby enacts as follows:

8

Section 1.  Section 3 of the act of December 22, 2005 (P.L.

9

474, No.94), known as the Breach of Personal Information

10

Notification Act, is amended by adding a subsection to read:

11

Section 3.  Notification of breach.

12

* * *

13

(a.1)  Notification by government entity.--If a State agency

14

or political subdivision is the subject of a breach of security

15

of the system, the State agency or political subdivision shall

16

provide notice of the breach of security of the system required

17

under subsection (a) within seven days following discovery of

18

the breach. Notification shall be provided to the Office of

 


1

Attorney General within three business days following discovery

2

of the breach. Notification shall occur regardless of the

3

existence of procedures and policies under section 7.

4

* * *

5

Section 2.  The act is amended by adding a section to read:

6

Section 3.1.  Investigation of breach involving a government

7

entity.

8

(a)  Investigation.--Upon receipt of notification under

9

section 3(a.1), the Office of Attorney General shall investigate

10

the breach. The investigation shall include a review of

11

procedures, a determination of the cause of the breach and

12

recommendations to the agency relating to prevention of similar

13

breaches in the future.

14

(b)  Cost.--The cost of the investigation shall be paid by

15

the agency in which the breach occurred.

16

Section 3.  This act shall take effect in 60 days.

- 2 -

 


feedback