Pennsylvania Privacy Laws

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Constitutes an unfair trade practice

REGULATION LEVELS

Breach Reporting Consumer Notifications
Vendor Management Vendor Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Constitutes an unfair trade practice

REGULATION LEVELS

Breach
Reporting
Consumer
Notifications
Vendor
Management
Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Constitutes an unfair trade practice

REGULATION LEVELS

Breach
Reporting
Consumer
Notifications
Vendor
Management
Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Quick Facts

Pennsylvania Privacy Law Information

  • Breach Reporting

    When notification is made to more than 1,000 persons at one time, the breached Organization must report to all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis. Heightened disclosure requirements may apply to entities dealing with Social Security Numbers.

  • Consumer Notification

    If any state residents are affected by a breach, the breached Organization must give notice without delay to each affected individual. If a breach affects residents of otehr jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

  • Vendor/Third Parties

    Vendors must notify Organizations without delay after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification.

  • Industry Specific Laws

    There are specific additional requirements for licensees under the “Insurance Company Law of 1921” that addresses how a licensed insurer should handle and protect nonpublic personal financial information as defined under the law.

  • Fines & Penalties

    A violation of the Breach of Personal Information Notification Act shall be deemed to be an unfair or deceptive act or practice under the Unfair Trade Practices and Consumer Protection Law, of which the Offices of Attorney General shall have exclusive authority to bring an action for violation.

Pennsylvania

Statutes and Laws

31 PA. CODE § 146

Unfair insurance practices

31 PA. CODE § 146B

Privacy of consumer health information

31 PA. CODE § 146C

Standards for safeguarding customer information

73 PA. STAT. §§ 2301 – 2308 & 2329

Consumer protection against computer spyware act

73 PA. STAT. §§ 2330.1 – 2330.9

Breach of personal information notification act