HARRISBURG – Members of the state Senate Communications and Technology Committee and House State Government Committee held a joint public hearing on Senate Bill 696 which would require timely notification to victims when a data breach occurs within state agencies. Erie County Sen. Dan Laughlin says his bill requires notification to victims within 7 days of a breach. The measure requires the PA Attorney General to be notified within three business days of a breach that occurs in a state agency. A county’s district attorney would be notified within three business days if the breach occurred in a county, school district or municipality. 72,000 PA victims were impacted by a breach when a third-party vendor tasked with COVID-19 contact tracing – Insight Global – had personal health care records on a publicly accessible website. Compromised records included names, COVID-19 diagnoses, gender, phone numbers, and email addresses. Another data breach impacted many unemployment compensation claimants who had bank account information changed within their accounts. This led to unemployment compensation claims being paid out to unknown criminals. The bill is before the PA House State Government Committee.
SEN. DAN LAUGHLIN