Pennsylvania’s state Senate passed a package of legislation on Wednesday aimed at preventing data security breaches and requiring victims and law enforcement officials to be notified when they do happen.
The bills’ passage comes barely two weeks after the state’s unemployment compensation system acknowledged that hackers changed bank account information in some recipients’ accounts, so that payments went to the hackers instead.
Both bills passed nearly along party lines and go to the House of Representatives. Democrats said they were seeking changes to make some provisions more workable for state agencies.
One bill would require the state to develop a strategy to prevent and respond to ransomware attacks. It also would bar state and local governments from using public money to pay for an extortion attempt during a ransomware attack.
It includes an exception for the governor to allow it while a disaster emergency declaration is in force.
The bill, however, does allow state agencies to buy insurance coverage for ransomware attacks. The bill also sets criminal penalties for perpetrators and allows victims to sue for damages.
The other bill would require any state agency, school district or local government agency to notify victims within seven days of determining a breach of personal information.
The bill applies to state contractors. That provision was added after the state Health Department last year fired a vendor that performed COVID-19 contact tracing because state officials said its employees exposed the private medical information of more than 70,000 residents.
Topics Cyber Politics Pennsylvania
Was this article valuable?
Here are more articles you may enjoy.
NC Jury Award for Workers Injured in Wall Collapse May be Largest in State History 
NY Archdiocese Can Depose Chubb CEO Greenberg in Clergy Abuse Claims Case 
First Brands Hit by $286 Million Claim for Alleged Tariffs Fraud 
Acrisure to Cut 2,250 Employees, Citing Advances in Technology and AI 
