Attorney General Michelle Henry has announced the launch of an online portal designed to streamline the process for companies and other entities reporting data breaches that impact more than 500 Pennsylvania residents. This requirement is mandated under Pennsylvania law, effective September 26, 2024.
Entities such as credit reporting companies holding personal data must report breaches to the Office of Attorney General in accordance with recent amendments to Pennsylvania’s Breach of Personal Information Notification Act (BPINA).
“This new requirement in the law will offer Pennsylvanians more protections and prompt notifications when sensitive information, such as account numbers and personal data, is compromised,” Attorney General Henry stated. “We have launched this portal to make the process easier and more efficient for businesses who are required to make these notifications.”
On June 28, Governor Josh Shapiro approved amendments to BPINA, requiring companies to notify affected individuals if a breach impacts more than 500 Pennsylvanians. Additionally, if the breach involves sensitive information such as a person’s name combined with their Social Security Number, bank account number, or driver’s license or state ID number, companies must provide impacted individuals with 12 months of credit monitoring and access to a credit report.
Entities can access the portal through the Office of the Attorney General’s website. The portal guides users through a step-by-step process for submitting required information about breaches.
In addition to facilitating breach reports, the portal provides entities with important information about BPINA. Attorney General Henry encourages all entities operating in Pennsylvania to familiarize themselves with updates to this law.