Pennsylvania’s Act 33: Strengthening Consumer Protections After Data Breaches – Key Provisions and Impact

The state of Pennsylvania has taken a bold step towards protecting consumers in the aftermath of data breaches with the passing of Act 33 of 2024. This new law, set to take effect later this year, imposes stricter time limits for organizations to issue data breach notices and mandates the provision of free credit monitoring to affected individuals.

One of the key provisions of Act 33 is the requirement for organizations to notify the Pennsylvania Attorney General’s Office if a data breach affects more than 500 residents within the state. The notice must include details such as the organization’s name and location, the date of the breach, and an estimated number of individuals affected.

Additionally, the law mandates that organizations provide free credit reports and one year of credit monitoring to all affected consumers. This measure aims to offer peace of mind to individuals by adding an extra layer of protection against identity theft and financial fraud, without incurring any costs.

The passing of Act 33 comes at a critical time, as data breach incidents have been on the rise across the United States. The recent high-profile breach at Geisinger Medical Center in Pennsylvania, which potentially exposed personal information of one million patients, underscores the importance of robust data protection measures.

As the state prepares to implement Act 33, consumers can rest assured that their information will be better safeguarded in the event of a data breach. The unanimous support for this law in the state legislature reflects a collective recognition of the need for stronger data protection measures to prevent breaches and mitigate their impact on individuals and organizations alike.