Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on September 26, 2024. One of the amendments will require businesses to report to the AG Office any breach that impacts more than 500 Pennsylvania residents. Businesses can provide notice to the AG using the new online portal. The law also includes specific reporting content; this content is built into the online portal. The AG’s website provides step-by-step instructions for submission.
As a reminder, from September 26, if a breach involves social security numbers, bank account numbers, or drivers’ license/state ID numbers, then businesses will need to provide 12 months credit monitoring under the law as revised. Businesses will also have to provide impacted individuals with access to a free credit report, if they could not otherwise get free access. And similar to other states, the threshold for notify credit reporting agencies will be if the breach impacts 500 or more Pennsylvania residents.
Putting it into Practice: There are a growing number of states authorities that have web portals for submitting notices of breaches. For those who keep a running list, this new portal will get added to it. Given the frequency of updates in this area, companies who do keep this information in an appendix to their incident response plan will want to have a process in place to confirm that the list is current at the time of the incident.