Pennsylvania Proposes a Consumer Data Privacy Act

On April 7, 2021, Pennsylvania legislators introduced a comprehensive consumer data protection bill (HB 1126) modeled on the California Consumer Privacy Act.  Notably, unlike the CCPA, the Pennsylvania bill would apply to professional and employment-related information.

Under the proposed bill, Pennsylvania consumers would have a right to (1) request disclosure of personal information collected by a business; (2) have their personal information deleted; (3) request information about personal information sold or used for business purposes by a business; and (4) decline or opt out of sale of personal information to third parties.  Businesses would not be able to sell personal information of minor consumers absent their consent or consent of their parents, if younger than 13 years of age.  Similarly to the CCPA, businesses would be required to provide notice to consumers that their personal information may be sold, as well a “Do Not Sell My Personal Information” link on their websites.

Businesses would be required to comply with the consumer access requests within 45 days after receiving a verifiable request from a consumer.   If reasonably necessary, the time period could be extended by another 45 days.

Like the CCPA, the Pennsylvania bill provides for a private right of action but only in cases of breaches involving nonencrypted and nonredacted personal information as a result of the business’s violation of the duty to implement and maintain reasonable security practices and procedures.  Consumers would be able to recover statutory damages in the amount of not less than $100 and not greater than $750 per consumer per incident, as well as obtain injunctive and declaratory relief.

In addition, the Pennsylvania Attorney General would be able to bring civil actions for violations of the Consumer Data Privacy Act against businesses, service providers, and third parties, and seek civil penalties up to $7,500 for each violation.

If enacted, the Pennsylvania Consumer Data Privacy Act would take effect immediately.

Take a tour of Clarip’s patented data privacy technology and learn how Clarip can help your enterprise comply with emerging state level data subject rights regulations. Call Clarip today at 1-888-252-5653 or schedule a Demo Online!