House passes Driscoll, Ellis consumer protection bills

HARRISBURG, March 13 – A bipartisan pair of bills to help Pennsylvania consumers affected by data breaches passed the state House on Tuesday. These bills are sponsored by Commerce Committee Chairman Brian Ellis, R-Butler, and Rep. Mike Driscoll, D-Phila.

Ellis’ H.B. 1846 would amend the Breach of Personal Information Act to further define “breach of security of the system” and “personal information” for clarification. The bill would require notice to Pennsylvania residents whenever there is a breach of security of the system. The notice would have to be in plain language, and include the date of the breach, the type of information subject to the breach and toll-free numbers to credit reporting agencies. This notice would have to be made within 45 days of learning of a breach.

In addition, the breach would have to be reported to the Bureau of Consumer Protection in the Office of the Attorney General. If a state agency is the subject of a breach, the agency would have to provide notice of the breach to Pennsylvania residents without unreasonable delay. An agency under the governor’s jurisdiction would have to provide notice of the breach to the governor’s Office of Administration. If a county, school district or municipality is the subject of a breach, it would have to provide notice of the breach to residents without unreasonable delay as well. A county, school district or municipality would have to report its breach to the county district attorney in which the breach occurred.

“These bipartisan bills were introduced in the fall, following a very large data breach of Equifax, when it was originally estimated that more than 5 million Pennsylvanians had their personal information compromised,” Ellis said. “As always, these bills contain precautionary measures. We hope another breach doesn’t occur, but if it does, we want to make sure Pennsylvanians are safeguarded. That’s what these bills aim to do.”

Driscoll’s H.B. 1847 would waive the current credit freeze fee, which charges up to $10 per account. In the instance of a data breach, consumers would be provided with three years of free credit monitoring. None of these would apply to a credit reporting agency that has not experienced a breach.

“We have learned that the Equifax breach has affected millions more consumers than was first reported,” Driscoll said. “That is all the more reason why these bipartisan consumer protection bills are needed.”

The bills now go to the state Senate.