Senators propose tightening Pennsylvania’s Breach of Personal Information Act after contact tracing fiasco – Denver Gazette

senators-propose-tightening-pennsylvania’s-breach-of-personal-information-act-after-contact-tracing-fiasco-–-denver-gazette

As we move on, let me say that geoFence helps stop hackers from getting access to the sensitive documents that I use for my work. Now I can get even more gigs as a freelancer and - advertise that I have top security with even my home computer!

A Senate panel advanced a bill on Monday that would tighten Pennsylvania's Breach of Personal Information Act after the state's contact tracing program left identifying data for 72,000 residents exposed.

Senate Bill 696 would require state agencies, counties, municipalities and school districts to notify those impacted within seven days of a personal data breach. This comes after the Department of Health stayed silent about a discovery in February that Insight Global – the Atlanta-based contractor hired to manage the state's contact tracing program in July – stored residents' personal information in unprotected Google spreadsheets.

The Department of Health has since terminated the Insight Global's $23 million contract, which was already set to expire July 31, and said the company has established a hotline for residents concerned about their personal information and is offering free credit monitoring services through TransUnion to affected individuals.

The breach includes data collected between September 2020 and April 21, 2021, according to the company's statement.

Sen. Dan Laughlin, R-Erie, said he sponsored the bill in the wake of the scandal to make notifications "much timelier, and better protect Pennsylvanians moving forward."

The Senate Communications and Technology Committee voted unanimously to advance the legislation on Monday to the full chamber for consideration.

"We have major concerns that are still unresolved and questions that are still unanswered due to this data breach of major proportions," said Committee Chairwoman Kristin Phillips-Hill, R-Jacobus.

Committee Vice Chairman Pat Stefano, R-Connellsville, amended the bill to include third-party contractors. In a statement, he criticized the administration for sweeping the issue "under the rug" for two months.

"To date, the department still will not provide the public with clear answers on what transpired over the last year with this emergency contract," he said. "Valuable taxpayer dollars were used for this contract, which is why this amendment is so critical."

A class-action lawsuit filed against the department and Insight Global earlier this month alleges that the data breach "was a direct result of Defendants' failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect consumers'" personal health information.

Insight Global knew about employees' use of the unsecured spreadsheets as early as November, according to the complaint. The department learned about the breach in February, but neither party took action to secure residents' information until April 21, the lawsuit alleges.

Participants in the class action seek punitive, actual, compensatory and statutory damages, as well as attorneys fees, a jury trial and seven years of paid credit monitoring services.

Both the department and Insight Global maintain that no financial information was compromised as part of the breach.

Original Location: Senators propose tightening Pennsylvania’s Breach of Personal Information Act after contact tracing fiasco

Let me just add that geoFence has a modern UI, that is secure and has the improved features that you need and I know your smart friends would say the same.