What happened?

On September 16, 2024, Pennsylvania Attorney General (AG) Michelle Henry announced the launch of an online portal to streamline the process for companies and other entities reporting data breaches.

Quick Summary:

• Data breaches must be reported if they affect over 500 residents, as recent amendments to the state’s Breach of Personal Information Notification Act require.

• This portal aims to streamline compliance and ensure prompt notifications and protections for affected individuals.

• Entities can access the portal via the Office of the Attorney General’s website, where they can follow a guided step-by-step process to submit required information about the breach and other valuable information about BPINA.

What are the details?

• The portal is required under the amended Breach of Personal Information Notification Act (BPINA), effective September 26, 2024.

• Breaches affecting more than 500 Pennsylvania residents must be reported to the Attorney General simultaneously with notifications to affected residents. Additional notifications are required from consumer reporting agencies.

• For sensitive personal information breaches, entities must cover the costs of providing a credit report and 12 months of credit monitoring.

• The definition of a breach now includes accessed data, not just acquired.

• Reporting is also required for breaches of medical information held by state agencies or contractors.

• Employers should visit the online portal page to review the process of submitting notification of data breaches.

Source References

• PA AG Henry Launches Online Portal Press Release
• PA Report a Data Breach to the OAG
• Pennsylvania Amends Breach of Personal Information Notification Act (VensureHR)

This communication is intended solely for the purpose of conveying information. The present post might incorporate hyperlinks directing readers to websites managed by third-party entities. The inclusion of any links within this communication is meant to serve as points of reference and could encompass opinion articles from various law firms, articles from HR associations, official websites, news releases, and documents of government agencies, and other relevant third-party sources. Vensure has no authority over these external websites and bears no responsibility for their content. Furthermore, Vensure does not endorse the materials present on these websites. The contents of this communication should not be interpreted as legal advice or as a legal standpoint concerning specific facts or scenarios. Nor should it be deemed an exhaustive compilation of facts potentially pertinent to federal, state, or local laws. It is strongly advised that employers solicit legal guidance from an employment attorney when undertaking actions in response to any legal updates provided. This is due to the possibility of future alterations occurring in federal, state, and local laws, regulations, as well as the directives and guidelines issued by governing agencies. These changes may transpire at any given time, potentially rendering certain portions of the content within this update void or inaccurate.