THE SENATE

S.C.R. NO. 31

TWENTY-SIXTH LEGISLATURE, 2011

 

STATE OF HAWAII

SENATE CONCURRENT RESOLUTION

 

 

requesting a comprehensive study on the results and impact of Act 10, Session Laws of Hawaii 2008, as well as other information security proposals.

 

 


WHEREAS, identity theft affects millions of Americans each year and costs more than $54 billion annually; and

 

WHEREAS, breaches in the security of personal information are a leading source of identity theft; and

 

WHEREAS, in December 2007, the Office of the Auditor issued a report entitled "Hawaii Identity Theft Task Force Report" that, among other things, made certain recommendations regarding safeguards to protect personal information; and

 

WHEREAS, the Legislature passed Act 10, Session Laws of Hawaii 2008, which established the Information Privacy and Security Council to implement the recommendations of the Hawaii Identity Theft Task Force and to identify and recommend to the Legislature best practices to assist government agencies in improving security and privacy programs relating to personal information; and

 

WHEREAS, an analysis has not been conducted to determine whether Act 10 and the recommendations made by the Information Privacy and Security Council have been implemented or if they have been effective; and

 

WHEREAS, current law primarily focuses on prevention of security breaches and penalties for organizations that fail to provide timely and adequate notice to persons affected by the security breach, but it provides very little in the way of remedies for affected persons; now, therefore,

 

BE IT RESOLVED by the Senate of the Twenty-sixth Legislature of the State of Hawaii, Regular Session of 2011, the House of Representatives concurring, that the Auditor is requested to conduct a comprehensive study to determine whether the recommendations of the Hawaii Identity Theft Task Force Report of 2007 have been implemented and on the results and impact of Act 10, Session Laws of Hawaii 2008, to determine whether the recommendations by the Auditor and the Information Privacy and Security Council regarding the handling of private information by government agencies have been implemented and the impact thereof; and

 

BE IT FURTHER RESOLVED that the Auditor is requested to perform an analysis, similar to those performed pursuant to section 26H-6, Hawaii Revised Statutes, of the following proposals to provide remedial measures for persons affected by a breach of their personal information:

 

(1) Require an organization that has permitted a security breach to conduct, at the organization's expense, an independent audit, to be made available to the public upon completion, to reassure the public and Legislature that the organization has fulfilled any promises to take remedial action and comply with industry standards;

 

(2) Establish an agency or work with a national non-profit organization to track Hawaii identity theft and fraud trends, to help determine the actual effect of breaches, and to provide information regarding any trends to the public;

 

(3) Establish a centralized trust account from which affected persons of information breach or identity fraud may draw, to be funded by a fee assessed on any organization that is liable for a security breach; and

 

(4) Apply Hawaii's Uniform Deceptive Trade Practices Act to state agencies that perform services that are typically performed by private companies, such as universities; and

 

BE IT FURTHER RESOLVED that the Information Privacy and Security Council is requested to cooperate with and provide information and assistance to the Auditor, upon request; and

 

BE IT FURTHER RESOLVED that the Auditor is requested to submit findings and recommendations to the Legislature, including any proposed legislation, no later than twenty days prior to the convening of the Regular Session of 2012; and

 

BE IT FURTHER RESOLVED that certified copies of this Concurrent Resolution be transmitted to the Auditor and the members of the Information Privacy and Security Council.

 

 

 

 

OFFERED BY:

_____________________________

 

 

Report Title:

Security Breaches of Personal Information; Audit