Posted by Bruce Johnson
Pennsylvania has recently enacted a data breach disclosure law (S.B. 712, available here), another statute modeled on the original 2002 California law. Pennsylvania's law, which was signed by Governor Rendell on December 22, 2005, makes it the 22nd state to enact such legislation.
The "Breach of Personal Information Notification Act" applies to all state agencies and individuals or businesses "doing business" in the state that "maintain, store, or manage computerized data that includes personal information."
Such "personal information" includes individuals' names coupled with unencrypted information that identifies their (1) Social Security number; (2) Driver's license number or State identification card; and (3) financial account information. The statute mandates the form of notice in the event of any "unauthorized access and acquisition of computerized data" that materially compromises the security or confidentiality of such "personal information." The new law becomes effective on June 30, 2006.