A Pennsylvania senate committee heard testimony recently regarding what updates state and local agencies need to take in order to protect the personal information of taxpayers and others.
The Senate Communications and Technology Committee heard from state Sen. Dan Laughlin, R-Erie, the primary sponsor of Senate Bill 487. The bill seeks to update the state’s Breach of Personal Information Notification Act.
Specifically, the bill – which has bipartisan support – would require state, county and municipal agencies, including school districts, to notify individuals whose personally identifiable information has been breached within seven business days of discovering the intrusion. Agencies would also have to report the breach to the Attorney General’s office or the local district attorney within three days. State executive branch agencies also would have to notify the governor’s Office of Administration within three working days of uncovering the breach.
Laughlin said the bill is personal for him, as his wife’s personal information was recently breached.
“With so much personal information out there in government databases, it is essential that we take every step possible to protect that information and to act quickly in those cases where hackers breach those files,” he said.
Since all levels of government rely on the internet to perform their daily operations, Committee Chair Kristin Phillips-Hill, R-York, said taxpayers rely on those agencies to make sure their personal information is always protected.
“It is our duty as public servants to do everything we can to keep that data safe and guarded from any kind of breach,” Phillips-Hill said.
Clifford Shier, a managing partner for Unisys, a leading IT contractor for government entities, testified that when data is shared because it can be – and not because it’s necessary – the opportunity for breaches to occur jumps significantly. He added that data also has a life cycle and keeping that information after its usefulness has expired adds risk to both agencies and individuals.
With reports of breaches and hacks a near daily occurrence, Shier added the financial and reputational risks to businesses and public-sector agencies have never been higher.
In addition, a recent Unisys study indicated more people are concerned about the safety of their information than they are their personal well-being.
While different agencies may hold different data and have different needs for the data, he added that securing data and ensuring privacy requires cooperation among all stakeholders.
“Collaboration is necessary across the commonwealth and its constituents, across States and the Federal government, together with the private sector, otherwise organizations will be hard-pressed to accomplish the behaviors that the well-intended legislation had aimed to achieve,” Shier said.