Matzie bill would help secure sensitive online data used by state

AMBRIDGE, April 13 – State Rep. Rob Matzie, D-Beaver/Allegheny, today said he is reintroducing his Protecting Commonwealth Data legislation that would require state employees conducting state business to use encryption to protect personal, online information from being viewed or modified by a third party.

“Currently, Pennsylvania law does not require state employees transmitting sensitive information to use defensive programming or encryption, creating a security gap that could be exploited,” Matzie said. “My House Bill 1325 would protect Pennsylvanians by requiring that state employees use encryption when transmitting Social Security numbers, driver’s license numbers, financial information and other sensitive data.

“My commonsense measure would help make transactions with the state safer by curtailing the use of non-secure internet connections,” Matzie said.

Similar legislation introduced by Matzie in 2014 received bipartisan support and unanimous approval in the House Consumer Affairs Committee but was not called up for consideration by the full House.

“I was out front on this issue in 2014 and now -- with publicized hacks to government entities, including the Pennsylvania Senate -- it’s apparent that states like Pennsylvania must step up with laws to protect residents’ privacy,” Matzie said. “The recent federal action has forced states to push for safeguards, and a host of bills are being crafted or introduced all over the country to solidify consumer protections.”

Matzie’s Protecting Commonwealth Data legislation dovetails with bills unveiled this week by other House Democrats in the wake of a new federal law scuttling Federal Communications Commission protections of sensitive, online personal information. The consumer privacy measures include:

  • Requiring internet service providers and telecommunications companies to notify their customers of their privacy and security policies in concise, timely and easily understandable language;

  • Requiring opt-in permissions from consumers before information ranging from customers’ locations to financial information, Social Security numbers and Web browsing and app usage histories can be marketed;

  • Enabling internet customers to opt out of any collection or selling of their proprietary information;

  • Requiring identification of reasonable internal and external control risks to the privacy and security of customers’ personal data; and

  • Compelling notification of customers when a data breach of customer personal data occurs.