Pennsylvania Amends Breach Notification Law

On November 3, 2022, Pennsylvania Governor Tom Wolf signed Senate Bill 696 into law (the “Act”), amending Pennsylvania’s breach notification law. 

The Act expands the definition of “personal information” to include the following data elements when compromised in combination with a resident’s name:

The Act also provides a new permissible method of providing notice of a breach if the affected personal information consists of a username or email address in combination with a password, allowing for electronic notice “if the notice directs the person whose personal information has been materially compromised by a breach of the security of the system to promptly change the person’s password and security question or answer, as applicable, or to take other steps appropriate to protect the person’s online account….” Additionally, the Act includes an exemption for covered entities and business associates subject to HIPAA.  The amendments take effect May 2, 2023.

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.
National Law Review, Volumess XII, Number 318