E Point Perfect
Law \ Legal

Pennsylvania Amends Breach Notification Law


Pennsylvania recently amended its data breach notification law to expand its definition of personal information and provide for a HIPAA exception. The process for providing notice in the event of a username/email breach has also changed. The amendments will not be effective until May 2, 2023.

As amended, personal information will include medical and health insurance information. This mirrors many other states, which have also recently expanded their definitions of personal information to include these data elements. Pennsylvania’s breach notice law will also mirror that of almost half of the other US states in including in its definition of personal information usernames or e-mail addresses, in combination with a password or security question that would permit access to an online account.

In addition to amending the definition of personal information, Pennsylvania will add a HIPAA compliance exception to the breach notice law. Under that exception, entities that are both subject to and in compliance with HIPAA’s privacy and security standards will be deemed compliant with the state’s breach notice law.

Finally, beginning in May 2023, if there has been a usernames/email accounts breach, companies can provide “electronic notification.” To be sufficient, it needs to tell the individual to change their password or take other protective measures.

Putting it Into Practice: Pennsylvania’s changes will not have a significant impact for those entities who maintain incident response programs that address the requirements of all US jurisdictions. Companies will want to keep in mind that medical and health insurance information, as well as usernames/email account and passwords will become personal information under the breach notice law beginning May 2023.


Source link

Related posts

Pet Vaccination Questions, Part 1: rabies vaccine timing

FinCEN and BIS Issue Joint Alert on Potential Russian and Belarusian Export Control Evasion

California Public Adjusters – Update Your Email Signature Block or Risk Getting Fined!

General Conditions For Foreigners To Work In Turkey, especially for Tech Start-ups and the Benefit of Technopark for Foreign Start-ups

Court Filing Reveals that DOJ Is Investigating Fintech’s Administration of PPP Loans

Next Wednesday! The SEC Intends to Adopt Rule 10b5-1 Amendments!