Ellis, Driscoll consumer protection bills advance to full House

Would help Pennsylvanians in event of data breaches

HARRISBURG, Oct. 16 – A bipartisan pair of bills to help Pennsylvania consumers affected by data breaches has advanced out of the House Commerce Committee to the full House of Representatives.

The bills are sponsored by Commerce Committee Chairman Brian Ellis, R-Butler, and Rep. Mike Driscoll, D-Phila.

Ellis said, "It is my hope that future massive data breaches do not occur, but if they do, the safeguards in these pieces of bipartisan legislation will help protect and assist consumers after a breach happens."

Driscoll said: "I believe our bipartisan cooperation bodes well for passing this legislation and making real progress on this issue that affects millions of Pennsylvanians. I am pleased to work with Chairman Ellis and Attorney General Josh Shapiro to move forward on this."

Ellis' bill (H.B. 1846) would amend the Breach of Personal Information Act to further define “breach of security of the system” and “personal information” for clarification. The bill would require notice to commonwealth residents when there is a breach of security of the system. The notice would have to be in plain language, and include the date of the breach, the type of information subject to the breach and toll-free numbers to credit reporting agencies. This notice would have to be made within 45 days of learning of a breach.

In addition, the breach would have to be reported to the Bureau of Consumer Protection in the Attorney General’s Office. If a state agency is the subject of a breach, the agency would have to provide notice of the breach to commonwealth residents without unreasonable delay. An agency under the governor’s jurisdiction would have to provide notice of the breach to the governor’s Office of Administration. If a county, school district or municipality is the subject of a breach, it would have to provide notice of the breach to residents without unreasonable delay as well.

A county, school district, or municipality would have to report its breach to the district attorney for the county where the breach occurred. Any violation of the bill’s provisions would fall under the Unfair Trade Practices and Consumer Protection Law, and the Attorney General’s Office would have the right to file charges.

Driscoll’s bill (H.B. 1847) would waive the current credit freeze fee, which charges up to $10 per account. In the instance of a data breach, consumers would be provided with three months of free credit monitoring and up to three free credit reports for one calendar year after the date the breach is reported. None of these would apply to a credit reporting agency that has not experienced a breach.

Ellis said the bills are expected to receive a vote in the House Oct. 23.