BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay
FINES & PENALTIES – Violations
Constitutes an unfair trade practice
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Pennsylvania Privacy Law Information
When notification is made to more than 1,000 persons at one time, the breached Organization must report to all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis. Heightened disclosure requirements may apply to entities dealing with Social Security Numbers.
If any state residents are affected by a breach, the breached Organization must give notice without delay to each affected individual. If a breach affects residents of otehr jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must notify Organizations without delay after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification.
There are specific additional requirements for licensees under the “Insurance Company Law of 1921” that addresses how a licensed insurer should handle and protect nonpublic personal financial information as defined under the law.
A violation of the Breach of Personal Information Notification Act shall be deemed to be an unfair or deceptive act or practice under the Unfair Trade Practices and Consumer Protection Law, of which the Offices of Attorney General shall have exclusive authority to bring an action for violation.
Pennsylvania Statutes and Laws
Unfair insurance practices
Privacy of consumer health information
Standards for safeguarding customer information
Consumer protection against computer spyware act
Breach of personal information notification act
The information provided is not legal guidance or recommendations and are for informational purposes only.