Bellows bill empowers public employees when private data is stolen

Sen. Shenna Bellows, D-Manchester, introduced a bill to require public employers to notify employees within 24 hours of actual or suspected breaches of confidentiality and thefts of an employee’s personal information due to cyber activity.

The bill, LD 696 “An Act To Protect Public Employees from Identity Theft,” also requires the public employers to provide affected employees with financial counseling. The bill was the subject of a public hearing in the Legislature’s State and Local Government Committee on Monday.

“In today’s world, it’s not a question of if centralized data will be breached but when and to what consequence,” said Sen. Bellows. “The potential consequences to individuals when their data is hacked – having their bank account emptied, having a false tax return filed with the IRS or having new fraudulent credit cards taken out in their name – can be catastrophic.”

Sen. Bellows introduced LD 696 after learning from the Maine Education Association that a data breach at a MSAD 4 in Guilford resulted in a number of employees struggling with significant financial issues when scammers filed false tax returns in their names, among other impacts. Additional breaches at the Brunswick School Department and AOS 77 in Eastport have been reported.

MSAD 4 “was aware of the breach but failed to notify its employees in a timely manner or reveal the extent of the breach,” said Andrew Mason of the MEA. “Because of the delay of the district in informing its employees about the breach, they were not able to take any proactive steps to protect themselves, instead having to react after the damage had been done.”

LD 696 faces further action in the State and Local Government Committee, and votes in the Maine House and Senate.