ARTICLE
16 November 2022

Pennsylvania Amends Its Data Breach Notification Law And Adds Cybersecurity Requirements

FL
Foley & Lardner

Contributor

Foley & Lardner LLP looks beyond the law to focus on the constantly evolving demands facing our clients and their industries. With over 1,100 lawyers in 24 offices across the United States, Mexico, Europe and Asia, Foley approaches client service by first understanding our clients’ priorities, objectives and challenges. We work hard to understand our clients’ issues and forge long-term relationships with them to help achieve successful outcomes and solve their legal issues through practical business advice and cutting-edge legal insight. Our clients view us as trusted business advisors because we understand that great legal service is only valuable if it is relevant, practical and beneficial to their businesses.
For PA residents, breach notification requirements will now include breaches of medical information, health insurance information, and username/password or other security questions.
United States Pennsylvania Technology

Pennsylvania stopped far short of passing an omnibus privacy law like California, Virginia, Colorado, Connecticut, and Utah, but at least they are upping the game for cybersecurity requirements for protecting PA state data by setting storage requirements for some organizations and prohibiting state employees from using unsecured internet connections. For PA residents, breach notification requirements will now include breaches of medical information, health insurance information, and username/password or other security questions. Goes into effect May 2, 2023 (180 days after the governor signed it).

An act providing for the notification of residents whose personal information data was or may have been disclosed due to a security system breach; and imposing penalties," further providing for title of act, for definitions and for notification of breach; prohibiting employees of the Commonwealth from using nonsecured Internet connections; providing for DATA STORAGE policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996; and further providing for notice exemption AND FOR APPLICABILITY

www.legis.state.pa.us/...

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More