Pennsylvania

Breach of Personal Information Notification Act
CITATION 73 Pa. Stat. § 2303
ENACTED 2006
SUMMARY The law applies to a “breach of the security of the system,” which means the unauthorized access and acquisition of computerized data that materially compromises the security or confidentiality of personal information maintained by the entity as part of a database of personal information and that the entity reasonably believes has caused or will cause loss or injury to any resident of Virginia.
DATA COVERED

The law applies to ‘Personal Information’, which means an individual’s first name or first initial and last name in combination with and linked to any one or more of the following elements that are not encrypted or redacted:

  1. Social Security number;
  2. Driver’s license number or state identification card number; and
  3. Financial account number, credit card or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial account.
INDUSTRY An entity that maintains, stores or manages computerized data that includes PI or a vendor that maintains such data.
PENALTIES Plaintiff can bring a suit to recover actual damages or one hundred dollars ($100), whichever is greater; injunctions, civil penalties up to three thousand dollars ($3000), costs and attorneys’ fees and other penalties as the court deems appropriate.