Pennsylvania’s Breach of Personal Information Notification Act

H. Adam Shapiro

Last month I had a business client come into my office concerned about a data breach. A disgruntled former employee hacked into the company server. While it appears this employee did not enter into any sensitive areas on the server, my client wanted to know what his responsibilities were with regard to notifying customers of this unauthorized intrusion. After quickly moving for an injunction to prohibit further intrusions, we sat down with our client to review his data breach policy. Not surprisingly, he did not have one.

Every data breach policy has to be created with an eye towards the sector in which your business operates. For example, HIPAA notification requirements with regard to “protected health information” are different from the requirements for a web-based business.

In Pennsylvania we have the Breach of Personal Information Notification Act. This law has been on the books since June 2006 and is currently in the process of being amended as it relates to municipalities and school districts. The Act applies to any business organization (for-profit or non-profit) that maintains or stores computerized data that includes personal information. The impact of this Act is far-reaching because it applies to businesses of other states whose customers are Pennsylvania residents.

Notification requirements are triggered when there is a breach of a computer data system where any “resident of Pennsylvania’s unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person.” I won’t bore you with the intricacies of how all these seemingly simple words have definitions that go on for pages. Suffice it to say even the definition of “reasonably believed” is complicated. The key takeaway, however, is that the notification requirements are NOT triggered if the information is encrypted or redacted. Failure to comply will prove costly, as the Act provides that a violation is deemed to be a violation of the Pennsylvania Unfair Trade Practices and Consumer Protection Law.

Circling back to my client who contacted me last month, his records were encrypted and thus Pennsylvania’s Breach of Personal Information Notification Act did not apply. However, we reviewed and updated his data breach policy to bring it into compliance with the existing laws that affected his business. At Danziger Shapiro we understand the global environment that affects your business and are here to assist you in navigating the complicated web of laws and regulations that need to be complied with in this new electronic world. Please feel free to contact any of our attorneys for a free consultation to discuss any concern that is affecting your business.

This entry is presented for informational purposes only and is not intended to constitute legal advice.
