As the General Assembly continues its review of the major data breach by a firm hired by the state for COVID-19 contract tracing, the Senate Communications & Technology Committee today (May 24) approved a bill requiring timely public notification when a security breach compromises personal information, according to Senator Dan Laughlin, prime sponsor of the bill.
Senate Bill 696 updates the Breach of Personal Information Notification Act to require state agencies victimized by a breach involving personally identifiable information to report the incident to those affected within seven days.
Atlanta-based Insight Global recently acknowledged that it mishandled sensitive information that may have compromised COVID-19 contact tracing data, potentially disclosing the personal information of some 72,000 people.
“It is understandable that any agency victimized by a data breach would be embarrassed and reluctant to publicly report the incident, but it is certainly much more important to immediately inform citizens about the theft of their personal information so that they can take steps to protect their assets,” said Senator Laughlin. “The Insight Global case clearly shows the need for the state to act quickly to protect its citizens when a data breach occurs.”
Senate Bill 696 also requires the state Attorney General be informed of any breach and for executive branch agencies to notify the Office of Administration within three days following a breach. In addition, the bill requires the Office of Administration to keep a policy for the storage and transmission of personal identifiable information.
“Information security is an endless battle. Accomplished hackers are smart, and they are sophisticated when it comes to technology. They enjoy the challenge of matching wits with the technicians charged with providing IT security for government, corporations and financial institutions,” Senator Laughlin said. “That’s what makes Senate Bill 696 so important. We can only hope that the hard work of the state’s IT professionals will be effective in protecting our systems, but we must ready to immediately respond in the event of a breach.”
###
Click here for video of Senator Laughlin’s comments on his bill.
Click here for audio of Senator Laughlin’s comments on his bill.
Click here for video of the complete committee meeting.
Contact: Matt Azeles mazeles@pasen.gov