Pennsylvania Senate Committee Approves Bill Updating Notification Process For Data Breaches
HARRISBURG (KDKA) - A statewide data breach exposed the personal, sensitive health data of nearly 72,000 Pennsylvanians. The breach involved the third-party vendor Insight Global, hired by the Pennsylvania Department of Health to handle COVID-19 contact tracing.
Last week, the Department of Health said it would end the contract with the company on June 19, one month early. The breach is now the subject of a federal class action lawsuit and now lawmakers are getting involved.
On Monday, a committee in the Pennsylvania Senate unanimously approved a proposal to beef up the state's Breach of Personal Information Act.
"Surprisingly a unanimous vote, even though the Office of Administration was opposing the bill," said Sen. Pat Stefano, R-Fayette.
Sen. Stefano sits as vice chair of the Senate's Communications and Technology Committee. It's the committee pushing for answers on the Insight Global data breach. Sen. Stefano tells KDKA's Meghan Schiller the governor's office expressed concerns over the bill, but still voted "yes."
"We sat here for almost two months not even knowing that there was a data breach until we found out," said Sen. Stefano.
That's the reason Senator Kristin Phillips-Hill said this legislation is timely.
"To date we still have many questions that have not been answered, we have many concerns that remain unresolved," said Sen. Phillips-Hill, R-York.
Senator Dan Laughlin sponsored the legislation, saying Monday the breach shouldn't have happened.
"And the Wolf administration didn't notify them. This law would have addressed that, but honestly we shouldn't have had to have that," said Sen. Laughlin.
Sen. Laughlin's new bill would require any state agency, county, school district or municipality that experiences a data breach to provide notice of the breach within seven days of discovery and notify the state's Attorney General within 3 business days, or notify the DA's office within three days if the breach occurs on the county level.
Sen. Stefano drafted an amendment on the bill, also unanimously approved, adding that these protections must also cover "third party vendors," like Insight Global.
"That's why we amended it to include these third-party contractors because there's a lot of them in the state," said Sen. Stefano.
The legislation now advances to the full Senate for its consideration.
