PRIOR PRINTER'S NO. 2242 PRINTER'S NO. 2359
No. 351 Session of 2005
INTRODUCED BY FLICK, PRESTON, S. H. SMITH, BAKER, PETRARCA,
ADOLPH, ARMSTRONG, BALDWIN, BARRAR, BEBKO-JONES, BIANCUCCI,
BLAUM, BOYD, BUNT, CALTAGIRONE, CAPPELLI, CASORIO, CIVERA,
CLYMER, CORNELL, CRAHALLA, CRUZ, CURRY, DeLUCA, DENLINGER,
DeWEESE, J. EVANS, FAIRCHILD, FICHTER, FRANKEL, FREEMAN,
GEIST, GEORGE, GINGRICH, GOOD, GOODMAN, GRUCELA, HARHAI,
HARRIS, HERMAN, HERSHEY, HESS, HICKERNELL, JAMES, JOSEPHS,
KAUFFMAN, KENNEY, KILLION, KOTIK, LaGROTTA, LEDERER, LEH,
MAITLAND, MANDERINO, MARKOSEK, MARSICO, McCALL, McGEEHAN,
MICOZZIE, MILLARD, S. MILLER, MUNDY, MUSTIO, MYERS, NAILOR,
O'NEILL, PALLONE, PAYNE, PETRI, PETRONE, PHILLIPS, PICKETT,
PISTELLA, PYLE, QUIGLEY, RAYMOND, READSHAW, ROBERTS, ROHRER,
ROSS, RUBLEY, SAINATO, SANTONI, SCAVELLO, SEMMEL, SHANER,
SHAPIRO, B. SMITH, SOLOBAY, STABACK, R. STEVENSON,
T. STEVENSON, STURLA, TANGRETTI, E. Z. TAYLOR, J. TAYLOR,
THOMAS, TIGUE, TRUE, TURZAI, WALKO, WANSACZ, WATSON,
WHEATLEY, WOJNAROSKI, WRIGHT, YOUNGBLOOD, ZUG, ROONEY AND
FABRIZIO, JUNE 21, 2005
AS RE-REPORTED FROM COMMITTEE ON CONSUMER AFFAIRS, HOUSE OF
REPRESENTATIVES, AS AMENDED, JUNE 28, 2005
A RESOLUTION
1 Establishing a select committee to investigate and review the
2 policies, procedures and practices in place by the various
3 Commonwealth agencies, authorities, boards, commissions,
4 councils, departments and offices and the entities they
5 license or regulate to protect the personal health, financial
6 and other sensitive data of the citizens of this
7 Commonwealth.
8 WHEREAS, Identity theft is one of the fastest growing crimes
9 in the nation, causing more than $2 billion in losses to
10 consumers, businesses and government bodies in this
11 Commonwealth; and
12 WHEREAS, The General Assembly is committed to the protection
1 of the personal health, financial and other sensitive data of
2 the residents of this Commonwealth; and
3 WHEREAS, The dramatic increase in computer interconnectivity
4 and Internet usage are changing the way the Commonwealth and the
5 nation are communicating and conducting business; and
6 WHEREAS, Without proper safeguards, this interconnectivity
7 poses tremendous risks that make it easier for individuals and
8 groups to gain access to improperly protected systems within
9 Commonwealth agencies, authorities, boards, commissions,
10 councils, departments and offices and the entities they license
11 or regulate; and
12 WHEREAS, Those agencies, authorities, boards, commissions,
13 councils, departments and offices and the entities they license
14 or regulate have critical facilities that support the
15 processing, storage and transmission of personal health,
16 financial and other sensitive data; and
17 WHEREAS, The public's trust and confidence that those
18 agencies, authorities, boards, commissions, councils,
19 departments and offices and the entities they license or
20 regulate are protecting personal health, financial and other
21 sensitive data is critical to carrying out the mission and laws
22 of this Commonwealth; and
23 WHEREAS, Potential information security weaknesses within
24 those agencies, authorities, boards, commissions, councils,
25 departments and offices and the entities they license or
26 regulate can place critical State operations and programs at
27 risk for disruption, fraud and inappropriate disclosure of
28 health, financial and other sensitive data; therefore be it
29 RESOLVED, That the House of Representatives establish a
30 select committee to investigate and review the policies,
20050H0351R2359 - 2 -
1 procedures and practices in place by the various Commonwealth
2 agencies, authorities, boards, commissions, councils,
3 departments and offices and the entities they license or
4 regulate to determine if they have appropriate and necessary
5 information security in place to:
6 (1) protect their information and information systems
7 from unauthorized access, use, disclosure, disruption,
8 modification or destruction;
9 (2) protect the confidentiality, integrity and
10 availability of that information and their information
11 systems;
12 (3) meet industry, public and private sector and Federal
13 best practices;
14 (4) meet all Federal and State laws and rules and
15 regulations;
16 (5) determine if authority has been properly delegated
17 to appropriate personnel in order to ensure compliance with
18 any information security programs and all Federal and State
19 laws;
20 (6) conduct regular risk assessments to assess and
21 adjust any information security programs to meet current
22 threats;
23 (7) periodically test and evaluate information security
24 controls and techniques; and
25 (8) ensure that information security programs and all
26 Federal and State laws and regulations are effectively
27 implemented;
28 and be it further
29 RESOLVED, That the select committee consist of 28 members of
30 the House of Representatives, 16 members from the majority party
20050H0351R2359 - 3 -
1 and 12 members from the minority party; and be it further
2 RESOLVED, That the Speaker of the House of Representatives
3 appoint 16 members of the House of Representatives, including
4 the chairman of the select committee, from the Consumer Affairs
5 Committee, the Commerce Committee, the Judiciary Committee and
6 the State Government Committee; and be it further
7 RESOLVED, That the Minority Leader of the House of
8 Representatives appoint 12 members of the House of
9 Representatives from the Consumer Affairs Committee, the
10 Commerce Committee, the Judiciary Committee and the State
11 Government Committee; and be it further
12 RESOLVED, That the select committee hold hearings, take
13 testimony and make its investigation at such places as it deems
14 necessary in this Commonwealth; and be it further
15 RESOLVED, THAT IF THE SELECT COMMITTEE DETERMINES THAT <--
16 TESTIMONY IT IS ABOUT TO RECEIVE IS OF A CONFIDENTIAL NATURE OR
17 WOULD DISCLOSE PRACTICES WHICH, IF MADE PUBLIC, MAY COMPROMISE
18 SECURITY MEASURES ALREADY IN PLACE OR WHICH MAY BE PUT IN PLACE
19 IN THE FUTURE, THE SELECT COMMITTEE BE PERMITTED TO CLOSE THE
20 HEARING TO THE PUBLIC, BUT ONLY FOR THE DURATION OF SUCH
21 CONFIDENTIAL OR SECURITY SENSITIVE TESTIMONY; AND BE IT FURTHER
22 RESOLVED, That the ordinary and reasonable expenses incurred
23 by the select committee be paid from accounts under the control
24 of the Chief Clerk; and be it further
25 RESOLVED, That the select committee submit a report of its
26 findings together with its recommendations for any appropriate
27 legislation or other action to the House of Representatives not
28 later than November 30, 2006.
F13L82DMS/20050H0351R2359 - 4 -