February 8, 2023

Volume XIII, Number 39

Advertisement

February 08, 2023

Subscribe to Latest Legal News and Analysis

February 07, 2023

Subscribe to Latest Legal News and Analysis

February 06, 2023

Subscribe to Latest Legal News and Analysis

Pennsylvania Amends Breach Notification Law

On November 3, 2022, Pennsylvania Governor Tom Wolf signed Senate Bill 696 into law (the “Act”), amending Pennsylvania’s breach notification law. 

The Act expands the definition of “personal information” to include the following data elements when compromised in combination with a resident’s name:

  • Medical information: any individually identifiable information contained in the individual’s current or historical record of medical history or medical treatment or diagnosis created by a healthcare professional.

  • Health insurance information: an individual’s health insurance policy number or subscriber number in combination with access code or other medical information that permits misuse of an individual’s health insurance benefits.

  • Username or e-mail address, in combination with a password or security question that would permit access to an online account

The Act also provides a new permissible method of providing notice of a breach if the affected personal information consists of a username or email address in combination with a password, allowing for electronic notice “if the notice directs the person whose personal information has been materially compromised by a breach of the security of the system to promptly change the person’s password and security question or answer, as applicable, or to take other steps appropriate to protect the person’s online account….” Additionally, the Act includes an exemption for covered entities and business associates subject to HIPAA.  The amendments take effect May 2, 2023.

Copyright © 2023, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 318
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement