Pennsylvania Amends Data Protection Requirements with Revised Breach Notification Act
Friday, July 19, 2024
Pennsylvania Breach of Personal Information Notification Act Enhancement
Print Mail Download info_icon_img/>i

On June 28, Pennsylvania took a significant step to enhance its data protection framework by updating the Breach of Personal Information Notification Act through the enactment of SB 824. This new legislation revises the older 2005 law and places a stronger emphasis on the security of digital data. It also introduces more stringent guidelines for notifying consumers and relevant authorities following a data breach.

Under the new law, if a data breach affects more than 500 Pennsylvania residents, entities are required to notify both the impacted individuals and the Pennsylvania Attorney General, as well as consumer reporting agencies, without unreasonable delay. The information provided to the Pennsylvania AG must include the organization’s name and location, the date on which the breach occurred, a brief summary of the incident, and an estimate of the number of affected individuals, both within the state and beyond.

Additionally, the Act mandates that entities bear the expenses related to providing affected individuals with free credit reporting and monitoring services for one year following the breach notification.

The legislation specifies that these obligations are triggered when an entity identifies a security breach and reasonably believes that personal information, such as a person’s name in conjunction with Social Security numbers, bank account numbers, or driver’s license/state ID numbers, have been accessed without authorization.

The law is slated to take effect in 90 days.

Putting It Into Practice: Pennsylvania’s updates to its Breach of Personal Information Notification Act reflect a broader trend among states and federal agencies to address the evolving challenges of data security (see our previous posts on data breach legislation here and here). Businesses subject to the law are now tasked with adapting to these changes swiftly to ensure compliance. In addition, companies facing a breach that spans multiple states must be mindful of how this law, its triggers, and its notification requirements compare to other jurisdictions. 

Listen to this post

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.

Current Public Notices

Current Legal Analysis

More from Sheppard, Mullin, Richter & Hampton LLP

CFPB Proposes Interpretive Rule Characterizing Earned Wage Access Products as Loans
by: A.J. S. Dhaliwal , Mehul N. Madia
The NLRB Must Apply Its Prior Standard for Protected Employee Outbursts and Abusive Speech
by: Amanda E. Beckwith , Keahn N. Morris
New Florida Law Overhauls Consumer Finance Loan Interest Rate Requirements
by: A.J. S. Dhaliwal , Mehul N. Madia
Supreme Court Holds That the Eighth Amendment Does Not Prevent Enforcement of Local Camping Bans, Authorizing a Significant Shift in Local Policies on Homelessness
by: Alexander L. Merritt , Kathryn C. Kafka
Federal Circuit Provides Insight on Induced Infringement Claims in Amarin Pharma Inc. v. Hikma Pharmaceuticals USA Inc.
by: Julian Ellis
Health-e Law Episode 11: CURES and Beyond: Reining in the Long Tail of Healthcare [Podcast]
by: Sara Helene Shanti , Phil Kim
Closing the Southern Border to Indirect Chinese Imports: U.S. Proclamations on Steel and Aluminum Imports from Mexico
by: Curtis M. Dombek , Jordan Mallory
BIS Summer Update: Essential Reading for Your Next Beach Trip!
by: Reid Whitten , J. Scott Maberry

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins