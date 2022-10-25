PENNSYLVANIA, October 25 - jurisdiction of data which includes personal information.

Section 5.2. Commonwealth policy.

(a) Storage policy.-- The Governor's Office of Administration

shall develop a policy to govern the proper storage by State

agencies under the Governor's jurisdiction of data which

includes personal information. The policy shall address

identifying, collecting, maintaining, displaying and

transferring personal information, using personal information in

test environments, remediating personal information stored on

legacy systems and other relevant issues. A goal of the policy

shall be to reduce the risk of future breaches of the security

of the system.

(b) Considerations.--In developing the policy, the

Governor's Office of Administration shall consider similar

existing Federal and other policies in other states, best

practices identified by other states and relevant studies and

other sources as appropriate.

(c) Review and update.--The policy shall be reviewed at

least annually and updated as necessary.

(A) GENERAL RULE.-- AN ENTITY THAT MAINTAINS, STORES OR

MANAGES COMPUTERIZED

DATA ON BEHALF OF THE COMMONWEALTH THAT

CONSTITUTES PERSONAL INFORMATION SHALL UTILIZE ENCRYPTION , OR

OTHER APPROPRIATE SECURITY MEASURES, TO REASONABLY PROTECT THE

