Press "Enter" to skip to content

Pennsylvania Amends Data Breach Notification Law

Pennsylvania data breach notification lawPennsylvania Gov. Josh Shapiro recently approved Senate Bill 824, which amends Pennsylvania’s data breach notification law, 73 Pa. Stat. Ann. § 2301, et seq.

The amendments will go into effect Sept. 26, 2024.

Among other things, the amendments:

  • Require concurrent notification to the Attorney General if notification must be given to more than 500 individuals
  • Require the notice to the Attorney General include:
    • The organization name and location
    • The date of the breach
    • A summary of the incident
    • An estimated number of individuals affected
    • An estimated number of individuals in Pennsylvania affected
  • Reduce the threshold for reporting an incident to consumer reporting agencies from more than 1,000 affected individuals to more than 500
  • Require entities that are required to report the incident to consumer reporting agencies to assume the costs of providing the affected individuals with:
    • Access to one credit report if an individual is not eligible for a free report
    • Access to credit monitoring services for one year

Photo: Christian Hinkle/

Print Friendly, PDF & Email

Eric Rosenkoetter is a principal at Maurice Wutscher LLP, where he provides counsel to businesses and consumer financial services firms nationwide. For many years, he has focused his practice on various aspects of financial services law. As a litigation attorney, he has conducted every aspect of the litigation process, including countless depositions, motion proceedings, bench and jury trials, and appeals in various courts. In addition, he has significant experience as a compliance and transactional attorney, providing strategic, business growth, legislative, compliance and regulatory advice to national corporations and trade associations. For example, he has drafted consumer contracts and disclosures designed to state-specific statutory requirements, and developed “Best Practices” guides and state-by-state compliance grids, for national financial services companies. He also conducted research and crafted a metrics report for a national trade association with analysis designed to counter the claims of advocacy groups. Eric’s experience also includes working for a national corporation as Executive Counsel, Chief Compliance and Ethics Officer, and Director of Legislative Affairs, and as a federal lobbyist and Director of Government and Public Affairs for a national financial services trade association. In the government sector, Eric presided over approximately 6,000 state administrative hearings, served as a staff attorney for the Missouri Senate, and handled litigation in 33 counties as a regional managing attorney. Eric frequently speaks to audiences on topics relevant to the financial services industry including regulatory compliance, data privacy law and related advocacy initiatives. For more information, see

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.