Threat Management

Lawmakers from Pennsylvania approve data breach notification process update

KDKA-TV reports that the Pennsylvania Senate committee has unanimously approved a bill that would strengthen the state’s Breach of Personal Information Act.

“Surprisingly a unanimous vote, even though the Office of Administration was opposing the bill,” said Sen. Pat Stefano, R-Fayette, the Senate’s Communications and Technology Committee vice chair.

The proposal, sponsored by Sen. Dan Laughlin, comes on the heels of the contact tracing incident involving Insight Global that compromised the personal and sensitive health data of approximately 72,000 civilians.

Sen. Laughlin’s legislation would require any state agency, school district, county or municipality to notify the state’s Attorney General within three business days or the DA’s office within the same time frame if they experience a breach, as well as to provide notice within seven days after discovery of the breach. An amendment was drafted by Sen. Stefano, which was also unanimously approved, to add that these stipulations must also include third party vendors like Insight Global.

The bill is now awaiting consideration from the full Senate.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.