Pennsylvania Moving Toward Comprehensive Breach Rules

Data breaches have become a significant problem nationwide and can cost consumers and businesses alike substantial amounts of money when they occur. As a result, more government bodies are moving toward trying to increase consumer protections, and the latest to do so is the state of Pennsylvania.

A bill that was recently approved unanimously by the Pennsylvania State Senate would require the state’s various agencies to notify people affected by data breaches within a week of having been reported, according to a report from the PA Independent. That is a change from the current requirement, which uses the more ambiguous language that they be notified “as soon as possible.”

The bill, which was sponsored by Senate Majority Leader Dominic Pileggi, a Republican representing Delaware County, came just days after a major data breach exposed the information of more than 400,000 people, including the Social Security numbers for 17,800 of them, the report said. These cases involved the theft of computers owned by the state government, which contained the sensitive data. Unfortunately, those affected by the incident did not learn of it for a few weeks after it was discovered.

“There’s no good reason to delay public notification after a data breach,” Pileggi said, according to the news site. “Potentially affected residents should know what happened as soon as possible when personal information is stolen so they can take steps to protect themselves from identity theft.”

The bill also mandates that any state and local agencies must notify the Pennsylvania Office of Administration or their district attorneys within three days of a breach being discovered, the report said. It further says that the Office of Administration must develop a policy about how sensitive personal data for residents is stored.

[Featured Products: Research and compare Identity theft protection plans at Credit.com]

Data breaches happen with extreme frequency and the problem is growing more common as criminals devise new ways to obtain massive amounts of sensitive information for consumers and businesses alike.

Consumers who want to protect themselves as best as possible from the fallout of such incidents should try to keep a close eye on their credit reports and various accounts in an effort to determine whether someone has gained access to them.