The Pennsylvania Senate has unanimously passed legislation that would require state and local government agencies to notify the public of data breaches involving personal information within one week.
Majority Leader Dominic Pileggi said he drafted the measure, Senate Bill 162, after three separate thefts of state-owned computers with personal information.
Pileggi said that even though the computers included at least 17,800 Social Security numbers and other personal information of approximately 400,000 state residents, the state agencies involved did not notify the public until two or three weeks later.
The bill would also require state attorney general’s office to investigate every breach involving state agencies. Breaches involving local governments would be investigated by the county district attorney’s office.
I don’t find any comparable bill in the House, though. If anyone knows more about this, please let me know.