Support Centre



Law: Please note this State does not have a general privacy law in effect, you can visit our US State Law Tracker to monitor the progress of US State bills.

Regulator: The Pennsylvania Attorney General ('AG')

Summary: Although Pennsylvania does not currently have a general privacy act, the State has references to privacy through sources such as the Pennsylvania Constitution, the State's common law, and various other pieces of legislation. This legislation includes breach notification requirements through the Breach of Personal Information Notification Act of 2005, which was amended by means of Senate Bill 696 for An Act Amending the Breach of Personal Information Notification Act of 2005, enacted in November 2022. The Unfair Trade Practices and Consumer Protection Law provides the AG with the power to enforce actions against companies sustaining large data breaches due to inadequate cybersecurity practices. The statutes also create a private cause of action with a fee shifting component. Moreover, the State also has the Telemarketer Registration Act which was amended in October 2019 in order to remove a five-year time limit for residents who have enrolled in the Do Not Call List, prohibit telephone solicitation calls being made on legal holidays, and create a legal procedure for the use of robocalls.