Pennsylvania Statutes Title 73 P.S. Trade and Commerce § 2303. Notification of breach

Welcome to FindLaw's Cases & Codes, a free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.

(a) General rule.--An entity that maintains, stores or manages computerized data that includes personal information shall provide notice of any breach of the security of the system following discovery of the breach of the security of the system to any resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person.  Except as provided in section 4   1 or in order to take any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the data system, the notice shall be made without unreasonable delay.  For the purpose of this section, a resident of this Commonwealth may be determined to be an individual whose principal mailing address, as reflected in the computerized data which is maintained, stored or managed by the entity, is in this Commonwealth.

(b) Encrypted information.--An entity must provide notice of the breach if encrypted information is accessed and acquired in an unencrypted form, if the security breach is linked to a breach of the security of the encryption or if the security breach involves a person with access to the encryption key.

(c) Vendor notification.--A vendor that maintains, stores or manages computerized data on behalf of another entity shall provide notice of any breach of the security system following discovery by the vendor to the entity on whose behalf the vendor maintains, stores or manages the data.  The entity shall be responsible for making the determinations and discharging any remaining duties under this act.

1  73 P.S. § 2304.

Cite this article: FindLaw.com - Pennsylvania Statutes Title 73 P.S. Trade and Commerce § 2303. Notification of breach - last updated January 01, 2019 | https://codes.findlaw.com/pa/title-73-ps-trade-and-commerce/pa-st-sect-73-2303.html


FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.

Copied to clipboard