Bill requiring notification of security breaches compromising personal information approved
The Senate Communications & Technology Committee approved a bill requiring timely public notification when a security breach compromises personal information, according to Senator Dan Laughlin, prime sponsor of the bill.
Senate Bill 487 updates the Breach of Personal Information Notification Act to require state agencies victimized by a breach involving personally identifiable information to report the incident to those affected within seven days.
“It is understandable that any agency victimized by a data breach would be embarrassed and reluctant to publicly report the incident, but it is certainly much more important to immediately inform citizens about the theft of their personal information so that they can take steps to protect their assets,” said Senator Laughlin.
Senate Bill 487 also requires that the state Attorney General be informed of any breach and that executive branch agencies notify the Office of Administration within three days following a breach. In addition, the bill requires the Office of Administration to keep a policy for the storage and transmission of personally identifiable information.
“Information security is an endless battle. Accomplished hackers are smart, and they are sophisticated when it comes to technology. They enjoy the challenge of matching wits with the technicians charged with providing IT security for government, corporations and financial institutions,” Senator Laughlin said. “That’s what makes the provisions of Senate Bill 487 so vitally important. We can only hope that the hard work of the state’s IT professionals will be effective in protecting our systems, but we must be ready to immediately respond in the event of a breach.”
In addition to thousands of computer terminals in the Capitol Complex in Harrisburg, state government relies on a vast network of computers to support agencies and legislative offices throughout the Commonwealth. That makes it a prime target for hacking, Senator Laughlin said.
“I am not suggesting that our IT systems are vulnerable to cyberattack, but we know that hackers are relentless in their attempts to steal personal and financial information,” he said. “Even as our tech services continually work to build up firewalls to protect sensitive information, hackers are finding new and innovative ways to get through those barriers. The ongoing COVID-19 pandemic brought to light some serious shortcomings in the Commonwealth’s IT system. In particular, the antiquated system at the heart of the Unemployment Compensation system was overwhelmed by demand and as such too many citizens continue to wait for the benefits they deserve.”