Strategy, Threat intelligence

Lawmakers from Pennsylvania approve data breach notification process update

May 24, 2021
KDKA-TV reports that the Pennsylvania Senate committee has unanimously approved a bill that would strengthen the state’s Breach of Personal Information Act.

“Surprisingly a unanimous vote, even though the Office of Administration was opposing the bill,” said Sen. Pat Stefano, R-Fayette, the Senate’s Communications and Technology Committee vice chair.

The proposal, sponsored by Sen. Dan Laughlin, comes on the heels of the contact tracing incident involving Insight Global that compromised the personal and sensitive health data of approximately 72,000 civilians.

Sen. Laughlin’s legislation would require any state agency, school district, county or municipality to notify the state’s Attorney General within three business days or the DA’s office within the same time frame if they experience a breach, as well as to provide notice within seven days after discovery of the breach. An amendment was drafted by Sen. Stefano, which was also unanimously approved, to add that these stipulations must also include third party vendors like Insight Global.

The bill is now awaiting consideration from the full Senate.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad