Pennsylvania Breach of Personal Information Notification Act

Pennsylvania SBG 712 of 2006 requires that an entity that maintains, stores, or manages computerized data that includes personal information shall provide notice of any breach of the security of the system, following discovery of the breach of the security of the system, to any resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Pennsylvania Breach of Personal Information Act: Name and SSN
• Pennsylvania Breach of Personal Information Act: Name and DL
• Pennsylvania Breach of Personal Information Act: Name and CCN
• Pennsylvania Breach of Personal Information Act: Name and Password (Wide)
• Pennsylvania Breach of Personal Information Act: Name and Password (Default)
• Pennsylvania Breach of Personal Information Act: Name and Password (Narrow)
• Pennsylvania Breach of Personal Information Act: Account and Password
• Pennsylvania Breach of Personal Information Act: Password Dissemination for HTTP Traffic (Wide)
• Pennsylvania Breach of Personal Information Act: Password Dissemination for HTTP Traffic (Default)
• Pennsylvania Breach of Personal Information Act: Password Dissemination for HTTP Traffic (Narrow)