When a Pennsylvania business experiences a harmful data breach, it must notify affected Pennsylvania residents as soon as possible by mail, telephone, or email. If the security breach affects more than 175,000 people, or the cost of notification exceeds $100,000, public service announcements can be used instead. When a breach affects 1,000 or more people, you must report it to all consumer-reporting agencies.
Name of Law / Statute: Breach of Personal Information Notification Act
Definition of Protected Information: Standard PI definition (see below)
Who Is Subject to Law? Any business that maintains, stores, or manages residents' PI
Notification of Consumers? Yes, but only if breaches "materially compromise the security, confidentiality, or integrity of" PI
By what means? Written, phone, or electronic (depending on prior relationship); if >1,000 residents, must notify consumer reporting agencies
Substitute Notice Threshold? If cost of notice >$250,000 or involves >500k residents
Notification of authorities / regulators required?
Credit monitoring requirement?
Private lawsuits allowed?
Private damages cap?
Regulatory actions allowed?
HIPAA Compliance exemption?
Other (e.g., timeframe): Law does not apply if PI was encrypted (unless encryption was compromised) or redacted
Link to complete law: Pennsylvania's data breach law
Read the full text of Pennsylvania’s data breach law.