Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws results in possible penalties and/or civil relief

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • When breach is reported to more than 1,000 persons at one time, the entity must report to all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.
  • A violation of the Breach of Personal Information Notification Act shall be deemed to be an unfair or deceptive act or practice under the Unfair Trade Practices and Consumer Protection Law, of which the Office of Attorney General shall have exclusive authority to bring an action for violation.
  • Heightened disclosure requirements may apply to entities dealing with Social Security Numbers.
  • There are specific additional requirements for licensees under the “Insurance Company Law of 1921” that addresses how a licensed insurer should handle and protect nonpublic personal financial information as defined under the law.
  • If vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • 73 Pa. Stat. §§ 2301 – 2308 & 2329  Breach of Personal Information Notification Act (2005)

    73 Pa. Stat. §§ 2330.1 – 2330.9 Consumer Protection Against Computer Spyware Act (2010)

    31 Pa. Code § 146 Unfair Insurance Practices

    31 Pa. Code § 146b Privacy of Consumer Health information

    31 Pa. Code § 146c Standards for Safeguarding Customer Information

BAck to map