HARRISBURG – The Pennsylvania Office of the Attorney General has unveiled a new online portal to streamline the process for organizations required to report data breaches under recently enacted state legislation. The portal, set to go live on Sept. 26, coincides with the effective date of Act 33 of 2024, a law that significantly expands data breach notification requirements in the state.
The new law comes in response to the rising tide of data breaches across the United States. In 2023, a record 3,122 data breach incidents were reported nationwide, marking a 72 percent increase from the previous high in 2021. These breaches have affected hundreds of millions of Americans and resulted in billions of dollars in losses, state officials said.
Act 33, which received unanimous support in both chambers of the state Legislature, mandates that organizations notify the attorney general’s office if a data breach affects more than 500 Pennsylvania residents. The notification must include key details, such as the organization’s name and location, the date of the breach, a summary of the incident and the estimated number of individuals affected both in total and within Pennsylvania.
In addition to the reporting requirements, Act 33 introduces new protections for consumers affected by data breaches. Organizations are now obligated to provide impacted individuals with free access to credit reports and one year of credit monitoring services if the breach involves the person’s name in combination with their Social Security number, bank account number or driver’s license/state ID number.
Pennsylvania Attorney General Michelle Henry emphasized the importance of the new portal, stating it will facilitate the reporting process and provide entities with essential information about the Breach of Personal Information Notification Act. The portal’s launch represents a proactive step in addressing the growing challenges of data security and consumer protection in the digital age.
As organizations prepare for the Sept. 26 implementation date, they are advised to familiarize themselves with the new requirements and ensure their data breach response plans are updated accordingly. The attorney general’s office has indicated that additional guidance and resources will be made available through the portal to assist entities in complying with the new law.