73 Pa. Stat. § 2305a

Current through Pa Acts 2024-53, 2024-56 through 2024-111
Section 2305a - Encryption required.
(a) General rule.-- An entity that maintains, stores or manages computerized data on behalf of the Commonwealth that constitutes personal information shall utilize encryption, or other appropriate security measures, to reasonably protect the transmission of personal information over the internet from being viewed or modified by an unauthorized third party.
(b) Transmission policy.-- An entity that maintains, stores or manages computerized data on behalf of the Commonwealth that constitutes personal information shall develop and maintain a policy to govern the proper encryption or other appropriate security measures and transmission of data by State agencies.
(c) Considerations.--In developing the policy, an entity shall reasonably consider similar existing federal policies and other policies, best practices identified by other states and relevant studies and other sources as appropriate in accordance with best practices as established by the federal government and the Commonwealth.
(d) Review and update.--The policy shall be reviewed at least annually and updated as necessary.

73 P.S. § 2305a

Added by P.L. TBD 2022 No. 151, § 4, eff. 5/2/2023.