Pennsylvania stopped far short of passing an omnibus privacy law like California, Virginia, Colorado, Connecticut, and Utah, but at least they are upping the game for cybersecurity requirements for protecting PA state data by setting storage requirements for some organizations and prohibiting state employees from using unsecured internet connections. For PA residents, breach notification requirements will now include breaches of medical information, health insurance information, and username/password or other security questions. Goes into effect May 2, 2023 (180 days after the governor signed it).

An act providing for the notification of residents whose personal information data was or may have been disclosed due to a security system breach; and imposing penalties," further providing for title of act, for definitions and for notification of breach; prohibiting employees of the Commonwealth from using nonsecured Internet connections; providing for DATA STORAGE policy and for entities subject to the Health Insurance Portability and Accountability Act of 1996; and further providing for notice exemption AND FOR APPLICABILITY

www.legis.state.pa.us/...

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.