PRIOR PRINTER'S NO. 2242 PRINTER'S NO. 2359
No. 351 Session of 2005
INTRODUCED BY FLICK, PRESTON, S. H. SMITH, BAKER, PETRARCA, ADOLPH, ARMSTRONG, BALDWIN, BARRAR, BEBKO-JONES, BIANCUCCI, BLAUM, BOYD, BUNT, CALTAGIRONE, CAPPELLI, CASORIO, CIVERA, CLYMER, CORNELL, CRAHALLA, CRUZ, CURRY, DeLUCA, DENLINGER, DeWEESE, J. EVANS, FAIRCHILD, FICHTER, FRANKEL, FREEMAN, GEIST, GEORGE, GINGRICH, GOOD, GOODMAN, GRUCELA, HARHAI, HARRIS, HERMAN, HERSHEY, HESS, HICKERNELL, JAMES, JOSEPHS, KAUFFMAN, KENNEY, KILLION, KOTIK, LaGROTTA, LEDERER, LEH, MAITLAND, MANDERINO, MARKOSEK, MARSICO, McCALL, McGEEHAN, MICOZZIE, MILLARD, S. MILLER, MUNDY, MUSTIO, MYERS, NAILOR, O'NEILL, PALLONE, PAYNE, PETRI, PETRONE, PHILLIPS, PICKETT, PISTELLA, PYLE, QUIGLEY, RAYMOND, READSHAW, ROBERTS, ROHRER, ROSS, RUBLEY, SAINATO, SANTONI, SCAVELLO, SEMMEL, SHANER, SHAPIRO, B. SMITH, SOLOBAY, STABACK, R. STEVENSON, T. STEVENSON, STURLA, TANGRETTI, E. Z. TAYLOR, J. TAYLOR, THOMAS, TIGUE, TRUE, TURZAI, WALKO, WANSACZ, WATSON, WHEATLEY, WOJNAROSKI, WRIGHT, YOUNGBLOOD, ZUG, ROONEY AND FABRIZIO, JUNE 21, 2005
AS RE-REPORTED FROM COMMITTEE ON CONSUMER AFFAIRS, HOUSE OF REPRESENTATIVES, AS AMENDED, JUNE 28, 2005
A RESOLUTION 1 Establishing a select committee to investigate and review the 2 policies, procedures and practices in place by the various 3 Commonwealth agencies, authorities, boards, commissions, 4 councils, departments and offices and the entities they 5 license or regulate to protect the personal health, financial 6 and other sensitive data of the citizens of this 7 Commonwealth. 8 WHEREAS, Identity theft is one of the fastest growing crimes 9 in the nation, causing more than $2 billion in losses to 10 consumers, businesses and government bodies in this 11 Commonwealth; and 12 WHEREAS, The General Assembly is committed to the protection
1 of the personal health, financial and other sensitive data of 2 the residents of this Commonwealth; and 3 WHEREAS, The dramatic increase in computer interconnectivity 4 and Internet usage are changing the way the Commonwealth and the 5 nation are communicating and conducting business; and 6 WHEREAS, Without proper safeguards, this interconnectivity 7 poses tremendous risks that make it easier for individuals and 8 groups to gain access to improperly protected systems within 9 Commonwealth agencies, authorities, boards, commissions, 10 councils, departments and offices and the entities they license 11 or regulate; and 12 WHEREAS, Those agencies, authorities, boards, commissions, 13 councils, departments and offices and the entities they license 14 or regulate have critical facilities that support the 15 processing, storage and transmission of personal health, 16 financial and other sensitive data; and 17 WHEREAS, The public's trust and confidence that those 18 agencies, authorities, boards, commissions, councils, 19 departments and offices and the entities they license or 20 regulate are protecting personal health, financial and other 21 sensitive data is critical to carrying out the mission and laws 22 of this Commonwealth; and 23 WHEREAS, Potential information security weaknesses within 24 those agencies, authorities, boards, commissions, councils, 25 departments and offices and the entities they license or 26 regulate can place critical State operations and programs at 27 risk for disruption, fraud and inappropriate disclosure of 28 health, financial and other sensitive data; therefore be it 29 RESOLVED, That the House of Representatives establish a 30 select committee to investigate and review the policies, 20050H0351R2359 - 2 -
1 procedures and practices in place by the various Commonwealth 2 agencies, authorities, boards, commissions, councils, 3 departments and offices and the entities they license or 4 regulate to determine if they have appropriate and necessary 5 information security in place to: 6 (1) protect their information and information systems 7 from unauthorized access, use, disclosure, disruption, 8 modification or destruction; 9 (2) protect the confidentiality, integrity and 10 availability of that information and their information 11 systems; 12 (3) meet industry, public and private sector and Federal 13 best practices; 14 (4) meet all Federal and State laws and rules and 15 regulations; 16 (5) determine if authority has been properly delegated 17 to appropriate personnel in order to ensure compliance with 18 any information security programs and all Federal and State 19 laws; 20 (6) conduct regular risk assessments to assess and 21 adjust any information security programs to meet current 22 threats; 23 (7) periodically test and evaluate information security 24 controls and techniques; and 25 (8) ensure that information security programs and all 26 Federal and State laws and regulations are effectively 27 implemented; 28 and be it further 29 RESOLVED, That the select committee consist of 28 members of 30 the House of Representatives, 16 members from the majority party 20050H0351R2359 - 3 -
1 and 12 members from the minority party; and be it further 2 RESOLVED, That the Speaker of the House of Representatives 3 appoint 16 members of the House of Representatives, including 4 the chairman of the select committee, from the Consumer Affairs 5 Committee, the Commerce Committee, the Judiciary Committee and 6 the State Government Committee; and be it further 7 RESOLVED, That the Minority Leader of the House of 8 Representatives appoint 12 members of the House of 9 Representatives from the Consumer Affairs Committee, the 10 Commerce Committee, the Judiciary Committee and the State 11 Government Committee; and be it further 12 RESOLVED, That the select committee hold hearings, take 13 testimony and make its investigation at such places as it deems 14 necessary in this Commonwealth; and be it further 15 RESOLVED, THAT IF THE SELECT COMMITTEE DETERMINES THAT <-- 16 TESTIMONY IT IS ABOUT TO RECEIVE IS OF A CONFIDENTIAL NATURE OR 17 WOULD DISCLOSE PRACTICES WHICH, IF MADE PUBLIC, MAY COMPROMISE 18 SECURITY MEASURES ALREADY IN PLACE OR WHICH MAY BE PUT IN PLACE 19 IN THE FUTURE, THE SELECT COMMITTEE BE PERMITTED TO CLOSE THE 20 HEARING TO THE PUBLIC, BUT ONLY FOR THE DURATION OF SUCH 21 CONFIDENTIAL OR SECURITY SENSITIVE TESTIMONY; AND BE IT FURTHER 22 RESOLVED, That the ordinary and reasonable expenses incurred 23 by the select committee be paid from accounts under the control 24 of the Chief Clerk; and be it further 25 RESOLVED, That the select committee submit a report of its 26 findings together with its recommendations for any appropriate 27 legislation or other action to the House of Representatives not 28 later than November 30, 2006. F13L82DMS/20050H0351R2359 - 4 -