Pennsylvania Gov. Josh Shapiro recently approved Senate Bill 824, which amends Pennsylvania’s data breach notification law, 73 Pa. Stat. Ann. § 2301, et seq.
The amendments will go into effect Sept. 26, 2024.
Among other things, the amendments:
Require concurrent notification to the Attorney General if notification must be given to more than 500 individuals
Require the notice to the Attorney General include:
The organization name and location
The date of the breach
A summary of the incident
An estimated number of individuals affected
An estimated number of individuals in Pennsylvania affected
Reduce the threshold for reporting an incident to consumer reporting agencies from more than 1,000 affected individuals to more than 500
Require entities that are required to report the incident to consumer reporting agencies to assume the costs of providing the affected individuals with:
Access to one credit report if an individual is not eligible for a free report
Eric Rosenkoetter is a principal at Maurice Wutscher LLP, and is focused on advising clients with respect to federal and state consumer financial protection laws and data privacy and security, and he is a Certified Information Privacy Professional though the International Association of Privacy Professionals. He also brings to the table experience as a litigator, chief compliance and ethics officer, director of legislative affairs, federal lobbyist, and administrative hearings officer. Eric earned his Juris Doctor from Washington University School of Law, and his Bachelor of Business Administration from Southern Methodist University. He is a member of the International Association of Privacy Professionals, the Receivables Management Association International (RMAI), and ACA International. He is admitted to practice law in Texas and Missouri and in the U.S. District Courts for the Northern, Southern, Eastern, and Western Districts of Texas. For more information, see https://mauricewutscher.com/attorneys/eric-rosenkoetter/