Law: Please note this State does not have a general privacy law in effect, you can visit our US State Law Tracker to monitor the progress of US State bills.

Regulator: The Pennsylvania Attorney General (AG).

Summary: Pennsylvania does not currently have a general privacy act, but the State has references to privacy in the Pennsylvania Constitution, the State's common law, and various other pieces of legislation including the breach notification requirements under the Breach of Personal Information Notification Act of 2005. This was amended by means of Senate Bill 696 for An Act Amending the Breach of Personal Information Notification Act of 2005, enacted in November 2022, as well as Senate Bill 824 for an Act amending the Breach of Personal Information Notification Act and providing for credit reporting and monitoring, which entered into effect on September 26, 2024. Senate Bill 825 amended the definition of personal information and notification requirements of the breach, as well as included a new section on credit reporting and monitoring.

The Unfair Trade Practices and Consumer Protection Law provides the Pennsylvania Attorney General (AG) with the power to enforce actions against companies sustaining large data breaches due to inadequate cybersecurity practices. The statutes also create a private cause of action with a fee-shifting component.

Pennsylvania also has the Telemarketer Registration Act which was amended in October 2019, to remove a five-year time limit for residents who have enrolled in the 'Do Not Call List,' prohibit telephone solicitation calls being made on legal holidays, and create a legal procedure for the use of robocalls.

You can follow legislative developments in the US through the USA State Law Tracker.