4/27/2006

Pennsylvania Latest to Adopt Data Security Breach Law

"As new reports of lost data continue to heighten American fears of identity theft, Pennsylvania has become the latest state to enact security breach legislation, joining a similar initiative in New Jersey. On December 22, 2005, Pennsylvania’s Governor signed the Breach of Personal Information Notification Act (the "PA Breach Act")1. Scheduled to become effective on June 20, 2006, the PA Breach Act establishes standards for assessing and disclosing security breaches affecting the personal information of Pennsylvania residents.

Preceding the PA Breach Act by half a year, the New Jersey Identity Theft Protection Act (the "NJ Breach Act")2 became fully effective on January 1, 2006 (a provision dealing with police reports became effective on June 25, 2005). Enabling individuals to place a "freeze" on their credit reports and limiting disclosure of Social Security numbers, the NJ Breach Act appears to be the more expansive legislation, although the two laws differ in a number of other respects, as well.

Although privacy law observers across the country have been waiting for Congress to enact a federal law addressing data security breaches, the legislative process has stalled in Washington, adding momentum to the trend that has now swept more than 20 states into the breach arena. In practical terms, this trend is forcing companies that maintain computerized personal data to take urgent action to assure that their information security procedures comply with the burgeoning and often inconsistent mosaic of state law requirements."

Read more in this Reed Smith article from Mondaq.