Pennsylvania State Security Breach Laws
Published February 10, 2011
Senate Bill: 712
73 Pennsylvania Statute Annotated: §§ 2301 to 2329
Effective Date: June 22, 2006
Definition of Personal Information: An individual’s first name or first initial and last name in combination with and linked to any one or more of the following data elements, when the data elements are not encrypted or redacted:
(a) Social security number;
(b) Driver’s license number or state identification card number issued in lieu of a driver’s license; or
(c) Financial account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
Summary: An entity that maintains, stores, or manages computerized data that includes personal information shall provide notice of any breach of the security of the system following discovery of the breach of the security of the system to any resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person.
Visit the state Web site