Pennsylvania Gov. Josh Shapiro recently approved Senate Bill 824, which amends Pennsylvania’s data breach notification law, 73 Pa. Stat. Ann. § 2301, et seq.
The amendments will go into effect Sept. 26, 2024.
Among other things, the amendments:
– Require concurrent notification to the Attorney General if notification must be given to more than 500 individuals
– Require the notice to the Attorney General include:
- The organization name and location
- The date of the breach
- A summary of the incident
- An estimated number of individuals affected
- An estimated number of individuals in Pennsylvania affected
– Reduce the threshold for reporting an incident to consumer reporting agencies from more than 1,000 affected individuals to more than 500
– Require entities that are required to report the incident to consumer reporting agencies to assume the costs of providing the affected individuals with:
- Access to one credit report if an individual is not eligible for a free report
- Access to credit monitoring services for one year