HARRISBURG, Pa. (WHTM) – The Pennsylvania House State Government Committee has sent to the full House of Representatives for consideration Sen. Dan Laughlin’s legislation that would require state agencies to notify victims of a data breach within one week.
Under Senate Bill 696, any state agency, county, municipality, public school or third-party vendor that conducts business with a state or local agency that experiences a data breach would be required to provide notice of the breach to affected victims within seven days of the determination.
The measure would also require the state’s Attorney General to be notified concurrently of the breach that occurs in a state agency. A county’s district attorney would be notified within three business days if the breach occurred in a county, school district or municipality.
“As we are now all well aware, information security is an endless battle,” said Laughlin (R-49). “Pennsylvania state government a big target for them, with prime examples being last year’s Insight Global data breach that exposed COVID-19 contact tracing data and the personal information of some 72,000 Pennsylvanians, and the more recent data breach that has been impacting many unemployment compensation claimants who had bank account information changed within their accounts allowing criminals to steal their jobless benefits.”