New βAct 33β Pennsylvania Law Mandates Stricter Protection for Victims Of Data Breaches
8 July 2024 at 17:01
Key Provisions of Act 33 Pennsylvania Law
Under the provisions of the new law, organizations must notify the Pennsylvania Attorney General's Office if a data breach is found to affect more than 500 residents within the state of Pennsylvania. [caption id="attachment_80831" align="alignnone" width="2800"]![Act 33 Pennsylvania Law Data Breach](../themes/icons/grey.gif)
1) The organization name and location. (2) The date of the breach of the security of the system. (3) A summary of the breach incident of the security of the system. (4) An estimated total number of individuals affected by the breach of the security of the system. (5) An estimated total number of individuals in this Commonwealth affected by the breach of the security of the system.Along with the reporting requirements, one of the key provisions of the law is the requirement for organizations to provide free credit reports and one year of credit monitoring to all affected consumers. The law introduces a new era of protection for consumers, requiring organizations to assume all costs and fees associated with providing affected individuals with access to credit reports and credit monitoring services. This provision means that individuals from Pennsylvania will not have to pay for these services, which can provide peace of mind in the event of a data breach and add an additional layer of protection to help prevent identity theft and financial fraud. The law defines personal information as an individual's first name or first initial and last name in combination with certain sensitive data elements, such as Social Security numbers, driver's licenses, or financial account numbers. The law is an extension of the amendment act of December 22, 2005 (P.L.474, No.94), which states:
"An act providing for security of computerized data and for the notification of residents whose personal information data was or may have been disclosed due to a breach of the security of the system; and imposing penalties," further providing for definitions, for notification of the breach of the security of the system and for notification of consumer reporting agencies; and providing for credit reporting and monitoring.The Act 33 law received unanimous support in both chambers of the state legislature, reflecting the broad recognition of the need for stronger data protection measures.