Loading chat...
PA HB997
Bill
Status
10/1/2025
Primary Sponsor
Jared Solomon
Click for details
AI Summary
-
Expands the definition of "personal information" to include passport numbers, medical history, health insurance identifiers, biometric data, and individual taxpayer identification numbers, in addition to existing categories like Social Security numbers and financial account information
-
Requires entities that maintain computerized personal information to implement reasonable security procedures to prevent unauthorized acquisition, use, modification, disclosure, or destruction of that data
-
Creates a private right of action allowing Pennsylvania residents to sue for injunctive relief and recover the greater of actual damages or $5,000 per violation, with up to triple damages for pattern violations, plus attorney fees and costs
-
Authorizes the Attorney General to bring enforcement actions with civil penalties up to $10,000 per violation
-
Limits law enforcement delay of breach notifications to three days maximum and requires notice be provided without unreasonable delay following discovery of a breach
Legislative Description
Further providing for definitions, for notification of the breach of the security of the system, for exceptions and for notice exemption; repealing provisions relating to civil relief; providing for protection of personal information, for civil relief, for information security and for applicability; and repealing provisions relating to applicability.
Last Action
Referred to Communications & Technology
10/3/2025