State and local government agencies will be required to notify the public of data breaches involving personal information within seven days under legislation authored by Senate Majority Leader Dominic Pileggi (R-9) and unanimously approved by the Senate.
“There’s no good reason to delay public notification after a data breach,” Pileggi said. “Potentially affected residents should know what happened as soon as possible when personal information is stolen so they can take steps to protect themselves from identity theft.”
Pileggi’s legislation, Senate Bill 114, was drafted in the wake of three separate thefts of state-owned computers containing at least 17,800 Social Security numbers and other personal information of approximately 400,000 state residents. The state agencies involved did not notify the public until several weeks had passed.
In 2012, numerous serious data breaches were reported in other states. A hacker stole a database including 3.6 million Social Security numbers from South Carolina’s Department of Revenue. In Utah, hackers downloaded 780,000 Medicaid records. In Tennessee, a hacker group accessed 110,000 records including Social Security numbers from a school district computer system.
“The theft of personal information is a growing concern,” Pileggi said. “State and local governments have a duty to do everything they can to protect the massive amount of data they maintain.”
SB 114 also requires the governor’s Office of Administration to develop and implement a policy to govern the proper storage of data that include personally identifiable information. The policy must take into account best practices from other states, with the goal of reducing the risk of any future data breaches.
About Press Release
(1 votes, average: 5.00 out of 5)
Loading...
Comments