(No. 97) (Approved June 19, 2008) AN ACT

Similar documents
(Approved July 30, 2007) AN ACT

(No. 277) (Approved December 12, 2002) AN ACT

(No. 428) (Approved September 22, 2004) AN ACT

Chapter PERSONAL INFORMATION PROTECTION ACT. Article 01. BREACH OF SECURITY INVOLVING PERSONAL INFORMATION

(No. 229) (Approved August 24, 2004) AN ACT

ASSEMBLY, No STATE OF NEW JERSEY. 218th LEGISLATURE PRE-FILED FOR INTRODUCTION IN THE 2018 SESSION

(No. 74) (Approved August 25, 2005) AN ACT

1 HB By Representative Williams (P) 4 RFD: Technology and Research. 5 First Read: 13-FEB-18. Page 0

(No. 9) (Approved February 12, 2007) AN ACT

(No. 99) (Approved June 14, 2000) AN ACT

(No. 123) (Approved September 19, 1997) AN ACT

Policy To Protect Personal Information

(No. 384) (Approved September 17, 2004) AN ACT

Security Breach Notification Chart

(S.B. 2434) (No. 321) (Approved September 2, 2000) AN ACT

(No. 160) (Approved November 17, 2001) AN ACT

Security Breach Notification Chart

(No. 411) (Approved October 8, 2000) AN ACT

THE GENERAL ASSEMBLY OF PENNSYLVANIA HOUSE BILL

1 SB By Senators Orr and Holley. 4 RFD: Governmental Affairs. 5 First Read: 13-FEB-18. Page 0

1 SB By Senators Orr and Holley. 4 RFD: Governmental Affairs. 5 First Read: 13-FEB-18. Page 0

(Approved September 10, 2014) AN ACT

OKLAHOMA IDENTITY THEFT RANKING BY STATE: Rank 25, 63.9 Complaints Per 100,000 Population, 2312 Complaints (2007) Updated January 10, 2009

AN ACT (S. B. 452) (No ) (Approved November 16, 2009)

(No. 143) (Approved August 1, 2008) AN ACT. To establish the Good Samaritan Act for collaborators in a construction affected by a natural disaster.

Memorandum of Understanding between SAMPLE. Toronto Police Service (hereinafter called the "Service") and. (hereinafter called the "Agency")

(No ) AN ACT

GUIDELINE FOR PROTECTION OF PERSONAL INFORMATION

Security Breach Notification Chart

Security Breach Notification Chart

(H.B. 3134) (No. 278) (Approved December 19, 2002) AN ACT

(No. 105) (Approved April 10, 2003) AN ACT

State Data Breach Laws

(Approved December 30, 2010) AN ACT

(No. 61) (Approved August 5, 2009) AN ACT

(No. 457) (Approved December 28, 2000) AN ACT

(No. 76) (Approved May 5, 2000) AN ACT

Security Breach Notification Chart

(No ) (Approved January 5, 2012) AN ACT

COLORADO HB PROTECTIONS FOR CONSUMER DATA PRIVACY

(No. 73) (Approved August 12, 1997) AN ACT

COMMONWEALTH OF PUERTO RICO DEPARTMENT OF THE TREASURY INDEX

[To be published in THE GAZETTE OF INDIA, EXTRAORDINARY, Part II, Section 3, Sub-section (i) of dated the , 2011]

DATA MATCHING AGREEMENTS ACT 1 B I L L

Arent Fox LLP Survey of Data Breach Notification Statutes

2013 New Law Workbook

Secured Services Web Site Administrator Agreement

(No. 8) (Approved March 9, 2009) AN ACT

ORDINANCE NO Citation. This Division may be cited as the San Bernardino County Sunshine Ordinance or the Sunshine Ordinance.

(No. 185) (Approved August 3, 2004) AN ACT

Terms of Service for the JUKI PARTS Website

ORDINANCE NO. ^8465J

Comments on the Draft Digital Information Security in Healthcare Act

REGISTRANT AGREEMENT Version 1.5

SCHWARTZ & BALLEN LLP 1990 M STREET, N.W. SUITE 500 WASHINGTON, DC

MEMORANDUM OF UNDERSTANDING ON TERRORIST WATCHLIST REDRESS PROCEDURES

(S. B. 397) (Conference) (Reconsidered) (No. 281) (Approved September 27, 2003) AN ACT To create the Puerto Rico Jury Service Administration Act, for

(No. 281) (Approved September 27, 2003) AN ACT

Condominium Management Regulatory Authority of Ontario Access and Privacy Policy

1. THE SYSTEM AND INFORMATION ACCESS

(No. 205) (Approved August 28, 2003) AN ACT

CHAPTER 44 HOUSE BILL 2434 AN ACT

(Approved March 9, 2012) AN ACT

THE INTERSTATE COMPACT FOR JUVENILES ARTICLE I PURPOSE

Technology and the Threat to the Attorney- Client Privilege Suzanne Valdez

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14

(No. 30) (Approved January 16, 2002) AN ACT

EMERGENCY MEDICAL SERVICES PERSONNEL LICENSURE INTERSTATE COMPACT ARTICLE I PURPOSE

Department of Defense INSTRUCTION. Guidance on Obtaining Information from Financial Institutions

TekSavvy Solutions Inc.

AD-A2 2 February 6, 1980 A ~ 169 NUMBER

Arent Fox LLP Survey of Data Breach Notification Statutes

(No. 300) (Approved September 2, 1999) AN ACT

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

Definitions The following terms have these meanings in this Policy: a. Act Personal Information Protection and Electronic Documents Act;

AIRCRAFT ACCIDENT AND INCIDENT INVESTIGATION

GUIDELINES FOR THE USE OF ELECTORAL PRODUCTS

OFFICE OF THE INFORMATION & PRIVACY COMMISSIONER for Prince Edward Island. Order No. PP Re: Elections PEI. March 15, 2019

KENTUCKY OPEN MEETING LAW

A BILL. (a) the owner of the device and/or geolocation information; or. (c) a person to whose geolocation the information pertains.

IN THE COMMONWEALTH COURT OF PENNSYLVANIA

A Guide to Ontario Legislation Covering the Release of Students

ACCESS AND PRIVACY POLICY

Senate Bill No. 72 Senators Care and Amodei

Limited Data Set Data Use Agreement

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012

1 HB By Representative Hill. 4 RFD: Constitution, Campaigns and Elections. 5 First Read: 07-FEB-17 6 PFD: 01/27/2017.

PUBLIC RECORDS POLICY OF COVENTRY TOWNSHIP, SUMMIT COUNTY

(Approved January 1, 2003) AN ACT

Data Breach Charts. November 2017

ORDINANCE _ BOROUGH OF NEW ALBANY BRADFORD COUNTY, PENNSYLVANIA

CODERED NEXT SERVICES AGREEMENT

THE CITY OF VAUGHAN BY-LAW. BY-LAW NUMBER (Consolidated)

AN ACT (S. B. 1467) (No ) (Approved August 16, 2012)

Privacy and Access in British Columbia

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED DECEMBER 5, 2016

THE PEOPLE OF THE CITY OF LOS ANGELES DO ORDAIN AS FOLLOWS:

Executive Order Access to Classified Information August 2, 1995

GENERAL ASSEMBLY OF NORTH CAROLINA SESSION 1999 S 1 SENATE BILL 1266

LIBRARY LICENSE AGREEMENT - DATABASE

Transcription:

(H. B. 2130) (No. 97) (Approved June 19, 2008) AN ACT To add a new subsection (d) to Section 2, to amend the first paragraph of Section 3, and to amend the first paragraph of Section 4 of Act No. 111 of September 7, 2005 with the purpose of requiring from all public entities of the three Branches of the Government of Puerto Rico, as well as from all private entities, to inform about any breach or irregularity in the security systems of their databases. STATEMENT OF MOTIVES Technology allows the constant development of improvements that facilitate countless of functions. Examples of this are the databases that public and private entities maintain to compile and manage information. In Puerto Rico, both the federal and the state government, manage citizens information through databases. The Vital Statistics Registry of the Department of Health, the Department of Transportation and Public Works, the Commonwealth Elections Commission, financial institutions, among others, are examples of the public and private institutions that compile and use vast amounts of the citizens personal information. The act of giving information to obtain a service does not mean that all the information registered and filed is automatically public. In fact, state and federal courts recognize the existence of information that, because of its nature, and even if it is provided voluntarily, should be protected from disclosure and unauthorized use. The fact that databases of public and private entities are important and often essential for the adequate operation of the referred entity, is not questioned. However, in the same

manner, it is recognized that there is an expectation among the citizens that some of the information provided and compiled shall not be disclosed or accessible to third parties. For this reason, pursuant to statutes and state and federal judicial decisions, many public and private institutions have established security protocols. These security measures deal with such issues as: compilation, retention, protection, use, disclosure and access to databases. For example, Act No. 111 of September 7, 2005, commonly known as Citizen Information on Data Banks Security Act, has the purpose of providing consumers with an instrument that allows him/her to know when his/her personal information and, consequently, his/her good name and credit are at risk. In spite of the protection provided by this Act, the same did not included government entities in its provisions. This measure, which complements the Public Documents Administration Act, provides that the entities of the three Government Branches shall establish and enforce basic protection norms for the personal, private or sensitive information they maintain in their databases. In this manner, norms on all that pertains to the information registered in the databases shall be uniformed. Furthermore, the information, security measures and procedures can be accurately identified in order to ensure the security and privacy of the citizenry. BE IT ENACTED BY THE LEGISLATURE OF PUERTO RICO: Section 1. A new subsection (d) is hereby added to Section 2 of Act No. 111 of September 7, 2005 to read as follows: Section 2. For the purposes of this Act: (a) (d) entity means every agency, board, body, examining board, corporation, public corporation, committee, independent office,

division, administration, bureau, department, authority, official, instrumentality or administrative organism of the three branches of the Government; every corporation, partnership, association, private company or organization authorized to do business or operate in the Commonwealth of Puerto Rico; as well as every public or private educational institution, regardless of the level of education offered by it. (e) Citizen s Advocate refers to the Citizen s Advocate Office. Section 2. The first paragraph of Section 3 of Act No. 111 of September 7, 2005 is hereby amended to read as follows: Section 3. - Any entity that is the owner or custodian of a database that includes personal information of citizens residents of Puerto Rico must notify said citizens of any breach of the security of the system when the database whose security has been breached contains, in whole or in part, personal information files and the same are not protected by an encrypted code but only by a password. Section 3. The first paragraph of Section 4 of Act No. 111 of September 7 of 2005 is hereby amended to read as follows: Section 4.-The notice of breach of the security of the system shall be submitted in a clear and conspicuous manner and should describe the breach of the security of the system in general terms and the type of sensitive information compromised. The notification shall also include a toll free number and an Internet site for people to use in order to obtain information or assistance.

Section 4 A new Section 7 is hereby added to read as follows: Section 7 In those cases in which the breach or irregularity in the security systems of the database occurs in a government agency or public corporation, it shall be notified to the Citizen s Advocate Office, which shall assume jurisdiction. For this purpose, the Citizen s Advocate shall designate a Specialized Advocate who shall address these types of cases. Section 5 A new Section 8 is hereby added to read as follows: Section 8 The Citizen s Advocate shall create within its Office the position of Databases Security Systems Specialized Advocate of the Government of Puerto Rico and shall draft and establish bylaws for compliance with the provisions of this Act within one hundred and twenty (120) days after its approval. Section 6 Sections 7, 8 and 9 are renumbered as Section 9, 10 and 11 Section 7 This Act shall take effect immediately after its approval.

CERTIFICATION I hereby certify to the Secretary of State that the following Act No. 97 (H.B. 2130) of the 7 th Session of the 15 th Legislature of Puerto Rico: AN ACT to add a new subsection (d) to Section 2, to amend the first paragraph of Section 3, and to amend the first paragraph of Section 4 of Act No. 111 of September 7, 2005 with the purpose of requiring from all public entities of the three Branches of the Government of Puerto Rico, as well as from all private entities, to inform about any breach or irregularity in the security systems of their databases, has been translated from Spanish to English and that the English version is correct. In San Juan, Puerto Rico, today 15 th of October of 2008. Francisco J. Domenech Director

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback