| |
|
| |
| THE GENERAL ASSEMBLY OF PENNSYLVANIA |
| |
| SENATE BILL |
|
| |
| |
| INTRODUCED BY PILEGGI, WONDERLING, FOLMER, KITCHEN, ROBBINS, TARTAGLIONE, STOUT, TOMLINSON, YAW, ORIE, EARLL, BOSCOLA, LOGAN, FONTANA, BAKER, KASUNIC, GORDNER, RAFFERTY, ERICKSON, O'PAKE, VANCE, WOZNIAK, ALLOWAY, PICCOLA, CORMAN AND BRUBAKER, JANUARY 30, 2009 |
| |
| |
| REFERRED TO COMMUNICATIONS AND TECHNOLOGY, JANUARY 30, 2009 |
| |
| |
| |
| AN ACT |
| |
1 | Amending the act of December 22, 2005 (P.L.474, No.94), entitled |
2 | "An act providing for the notification of residents whose |
3 | personal information data was or may have been disclosed due |
4 | to a security system breach; and imposing penalties," further |
5 | providing for notification of breach. |
6 | The General Assembly of the Commonwealth of Pennsylvania |
7 | hereby enacts as follows: |
8 | Section 1. Section 3 of the act of December 22, 2005 (P.L. |
9 | 474, No.94), known as the Breach of Personal Information |
10 | Notification Act, is amended by adding a subsection to read: |
11 | Section 3. Notification of breach. |
12 | * * * |
13 | (a.1) Notification by government entity.--If a State agency |
14 | or political subdivision is the subject of a breach of security |
15 | of the system, the State agency or political subdivision shall |
16 | provide notice of the breach of security of the system required |
17 | under subsection (a) within seven days following discovery of |
18 | the breach. Notification shall be provided to the Office of |
|
1 | Attorney General within three business days following discovery |
2 | of the breach. Notification shall occur regardless of the |
3 | existence of procedures and policies under section 7. |
4 | * * * |
5 | Section 2. The act is amended by adding a section to read: |
6 | Section 3.1. Investigation of breach involving a government |
7 | entity. |
8 | (a) Investigation.--Upon receipt of notification under |
9 | section 3(a.1), the Office of Attorney General shall investigate |
10 | the breach. The investigation shall include a review of |
11 | procedures, a determination of the cause of the breach and |
12 | recommendations to the agency relating to prevention of similar |
13 | breaches in the future. |
14 | (b) Cost.--The cost of the investigation shall be paid by |
15 | the agency in which the breach occurred. |
16 | Section 3. This act shall take effect in 60 days. |
|