Home Table of Contents

§ 2305a. Encryption required

Purdon's Pennsylvania Statutes and Consolidated StatutesTitle 73 P.S. Trade and CommerceEffective: May 2, 2023

Purdon's Pennsylvania Statutes and Consolidated Statutes
Title 73 P.S. Trade and Commerce (Refs & Annos)
Chapter 43. Breach of Personal Information Notification Act (Refs & Annos)
Effective: May 2, 2023
73 P.S. § 2305a
§ 2305a. Encryption required
(a) General rule.--An entity that maintains, stores or manages computerized data on behalf of the Commonwealth that constitutes personal information shall utilize encryption, or other appropriate security measures, to reasonably protect the transmission of personal information over the Internet from being viewed or modified by an unauthorized third party.
(b) Transmission policy.--An entity that maintains, stores or manages computerized data on behalf of the Commonwealth that constitutes personal information shall develop and maintain a policy to govern the proper encryption or other appropriate security measures and transmission of data by State agencies.
(c) Considerations.--In developing the policy, an entity shall reasonably consider similar existing Federal policies and other policies, best practices identified by other states and relevant studies and other sources as appropriate in accordance with best practices as established by the Federal Government and the Commonwealth.
(d) Review and update.--The policy shall be reviewed at least annually and updated as necessary.

Credits

2005, Dec. 22, P.L. 474, No. 94, § 5.1, added 2022, Nov. 3, P.L. 2139, No. 151, § 4, effective in 180 days [May 2, 2023].
73 P.S. § 2305a, PA ST 73 P.S. § 2305a
Current through Act 10 of the 2024 Regular Session. Some statute sections may be more current, see credits for details.
End of Document