Pa. House Panel Clears Data Breach Bill
A bill to update Pennsylvania data breach requirements unanimously cleared the House State Government Committee at a hearing livestreamed Wednesday. SB-696, which earlier passed the Senate, would require state agencies, agency contractors, counties, school districts and municipalities to notify subjects of breaches within seven business days. Within three business days, state agencies would have to notify the attorney general and localities would have to notify their county’s district attorney. The bill also expands the definition of personal information to include medical information, health insurance information and a username or email address, “in combination with a password or security question and answer that would permit access to an online account.” Also, the bill requires state employees and contractors to use encryption and requires the Office of Administration to develop a security policy for storing personal information. The committee unanimously adopted an amendment with changes including that personal information doesn’t include widely distributed media and that the bill covers public schools.