New data breach reporting and mitigation requirements go into effect in Pennsylvania on September 26, and there is a new portal for reporting breaches to the state. Lawyers at SheppardMullin provide a timely reminder:
Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on September 26, 2024. One of the amendments will require businesses to report to the AG Office any breach that impacts more than 500 Pennsylvania residents. Businesses can provide notice to the AG using the new online portal. The law also includes specific reporting content; this content is built into the online portal. The AG’s website provides step-by-step instructions for submission.
As a reminder, from September 26, if a breach involves social security numbers, bank account numbers, or drivers’ license/state ID numbers, then businesses will need to provide 12 months credit monitoring under the law as revised. Businesses will also have to provide impacted individuals with access to a free credit report, if they could not otherwise get free access. And similar to other states, the threshold for notify credit reporting agencies will be if the breach impacts 500 or more Pennsylvania residents.
Read more at Eye on Privacy.