SB 272, PN 254 (Mastriano) – Amends Title (30) by providing for free fishing licenses for disabled first responders. A vote of 49-0 was recorded.
SB 482, PN 1185 (Phillips-Hill) – Creates the Office of Information Technology within the Governor’s Office of Administration to manage all Commonwealth information technology services, projects, and purchasing. A vote of 29-20 was recorded.
SB 696, PN 793 (Laughlin) – Requires state and local governments, as well as state contractors, to notify individuals when their personal, health insurance, or medical information was or may have been disclosed to an unauthorized party due to a security breach.
Senator Phillips-Hill offered amendment A03451 which makes some technical changes to the bill, including the definitions, and adds the following notification requirements regarding a breach of the security system of a state agency or contractor:
- Requires the state agency, not the state agency contractor, to provide notice of the breach within 7 days following its determination of a breach or the state agency’s notification of a breach. It must concurrently notify the Attorney General’s Office.
- Adds that a state agency contractor must notify, within 7 days of the determination of a breach, the chief information officer, or designee, of the state agency for whom the work is being performed;
- Would not require state agencies to make reasonable efforts to amend existing contracts with subcontractors to reflect the breach notification requirements of the bill if the existing contract already includes breach notification requirements.
- Changes the notification deadline for counties, school districts and municipalities to notify PA residents, whose info is subject of a breach, from 7 days from discovery of the breach to 7 days from the determination of the breach.
- Removes individuals and businesses doing business in PA, as well as state agency contractors, from benefitting from the language that allows entities to comply with notification under the Act by sending electronic notifications to users when there is a breach of security involving access to their online accounts.
o This amendment would instead only allow state agencies, counties, school districts and municipalities to send these electronic notifications, but adds that state agency contractors can comply by sending a list of affected residents to the state agency subject of the breach.
- The current law requires state agency and contractor employees working with personal information to use encryption to protect the transmission of that info over the Internet from being viewed or modified by third parties. This clarifies that this applies to protection from “unauthorized” third parties.
- This clarifies that the Governor’s Office of Administration policy for storage of “personally identifiable information” applies to “personal information” as defined in the Act.
- The current law allows all entities to comply with this Act if they are already in compliance with the Federal notification requirements of their primary Federal regulator. This amendment limits this exemption only to state agencies or their contractors in compliance with the notification requirements of their Federal regulators, and effectively removes political subdivisions and individuals/businesses doing business in PA from benefitting from this exemption.
The amendment was approved by a vote of 43-6. The bill was approved by a vote of 32-17.
SB 726, PN 1326 (Phillips-Hill) – Amends Title 18 (Crimes and Offenses) to provide for new criminal offenses related to the use and possession of “ransomware” and establishes guidelines for notifications and payments in the event of a ransomware attack. A vote of 29-20 was recorded.
SB 818, PN 1327 (J. Ward) – Amends the Health Care Facilities Act, by aligning and permitting surgical procedures performed at ambulatory surgical centers with surgical procedures on the Centers for Medicare and Medicaid Services (CMS) Services Ambulatory Surgical Center Covered Procedures List (ASC-CPL). A vote of 36-13 was recorded.
HB 1588, PN 2323 (Mercuri) – Makes permanent a waiver issued under the Governor’s emergency orders allowing remote mortgage banking. A vote of 49-0 was recorded.
The Senate confirmed the following executive nominations by a vote of 49-0:
William C. Brock, Pennsylvania Fish and Boat Commission (reappointment)
Richard Lewis, Pennsylvania Fish and Boat Commission (reappointment)
Robert J. Small, Pennsylvania Fish and Boat Commission (reappointment)