The Senate Communications and Technology Committee today approved a measure which provides specific time frames for state agencies, counties, school districts and municipalities to notify law enforcement and the public of breaches, according to Senator Randy Vulakovich (R-40), Chairman of the Committee.
Senate Bill 114, sponsored by Senate Majority Leader Dominic Pileggi (R-9), would amend the Breach of Personal Information Notification Act by requiring state agencies, county and municipal governments, and school districts to report a data breach within three business days to the Attorney General, in the case of state agencies, or district attorney for local governments. The bill would put a specific one-week notification requirement in place for breaches involving state agencies and municipalities.
“Current law requires the public to be notified of a data breach ‘without unreasonable delay’,” said Sen. Vulakovich. “Senate Bill 114 would put in place specific time frames for notification.”
According to Senator Pileggi, this legislation was drafted after reports of three separate thefts of state-owned computers containing personal information. Although those computers included at least 17,800 Social Security numbers and other personal information of approximately 400,000 state residents, the state agencies involved did not notify the public until two or three weeks after the incidents.
“Having spent my career in law enforcement, I know how imperative it is to contact the authorities as soon as foul play is suspected — even if it turns out to be nothing,” said Sen. Vulakovich (R-40). “The sooner a data breach is reported, the sooner law enforcement will be able make a determination if there is criminal activity, and ultimately save taxpayer’s money.”
SB 114 now heads to the full Senate for further consideration.