As technology advances, consumer data protection is more important than ever. While the United States does not currently have a federal data privacy protection law, several states have enacted their own privacy laws to protect residents. Pennsylvania has three different privacy laws in the state legislature. If any of these pass, companies doing business in Pennsylvania will need to adjust their privacy policies to stay compliant—and a Pennsylvania privacy policy generator can make this easy.
Keeping up with changes to the law, at both the federal and state level, can be time-consuming and expensive. Thankfully, a Pennsylvania privacy policy generator can cut down on the cost and effort it takes to stay compliant with any new Pennsylvania data privacy laws.
SixFifty has created state-specific tools to automatically generate a privacy policy. Read on to learn more about Pennsylvania’s pending privacy laws, and how our privacy tools make it easy and cost-effective to stay in compliance.
Who will be affected by Pennsylvania data privacy laws?
Which businesses are affected by Pennsylvania’s potential data privacy laws depends on which of them pass, and whether they’re revised. There are three potential privacy laws in committee: HB 2202 and HB 1126 (both titled Consumer Data Privacy Act), and HB 2257, the Consumer Data Protection Act.
HB 2202 would apply to for-profit entities that do business in the state and meet one or more of these thresholds:
- Annual gross revenue of $20 million or more;
- Buy, receive, sell, or share for commercial purposes personal information of 100,000 or more consumers; or
- Derive half or more of their annual revenue from selling personal consumer data.
HB 1126’s thresholds include:
- Annual gross revenue of $10 million or more;
- Buy, receive, sell, or share for commercial purposes personal information of 50,000 or more consumers, households, or devices; or
- Derive half or more of their annual revenue from selling personal consumer data.
HB 2257 applies to for-profit entities that conduct business in Pennsylvania or produce goods, products, or services that are sold or offered for sale to residents of Pennsylvania, and that meet one or more of the following thresholds:
- Control or process personal data from 100,000 or more consumers in a calendar year; or
- Control or process personal data from at least 25,000 consumers, and derive over half their gross revenue from the sale of personal data.
HB 2257 also exempts state agencies, higher education institutions, financial institutions governed by the Gramm-Leach-Bliley Act, and entities governed by HIPAA.
What’s the difference between privacy policies and privacy notices?
You will need two separate privacy documents to stay compliant. A privacy notice and privacy policy serve different purposes. A privacy notice is a public document that you post for consumers to see. It outlines your personal information gathering practices, and tells consumers what you do with their data. A privacy policy is an internal document that your employees follow. It tells them how they should handle consumers’ personal information.
Pennsylvania privacy laws
Here’s an overview of what the proposed laws would entail, if passed.
HB 2202 would include the following consumer protections:
- Right to access personal data
- Right to request corrections in personal data
- Right to opt out of collecting and processing personal data for targeted purposes
- Right to request and receive their personal data in an accessible format
- Right to opt out of the sale of their personal data
The law does not include a private right of action if the protections are violated.
HB 1126 is also in committee. It differs from HB 2202 and HB 2257. Notable features include:
- Right to access personal data
- Right to request a business delete the personal information they’ve collected
- Right to opt out of sale of personal data
- A right to private action when personal information has been subject to unauthorized access, theft or disclosure
HB 2257, the Consumer Data Protection Act, offers similar protections. These include:
- Right to access personal data
- Right to request corrections in personal data
- Right to delete personal data
- Right to opt out of collecting and processing personal data for targeted purposes
- Right to request and receive personal data in an accessible format
- Right to opt out of sale of personal data
As with HB 2202, there is no private right of action if these protections are violated.
Is there a Pennsylvania privacy policy template?
One-size-fits-all templates rarely cover every applicable law and scenario, as convenient as that might be. Fortunately, SixFifty’s PA website privacy policy generator specifically addresses these needs. Rather than having your legal team draft the documents and monitor changes to the law, or rack up billable hours with outside counsel, our tools do the work for you. Your company can quickly generate a privacy policy specific to Pennsylvania. Best of all, we monitor changes to the law for you: you’ll receive notifications whenever there’s been an update. We update our privacy tools whenever there are changes, and let you know it’s time to regenerate your privacy documents.
Our software pairs technology with real legal expertise, to deliver compliant Pennsylvania privacy policies and notices in record time. Simply answer a series of questions, download the generated document, and have your lawyer review. It’s a quick and easy way to stay compliant and avoid incurring penalties—all while saving money on legal guidance.
Generate a privacy policy for Pennsylvania with SixFifty
If your company does business in Pennsylvania and meets any of the legal thresholds, you’ll be impacted when the new laws go into effect. You’ll need to create a state-specific, compliant privacy policy. Let SixFifty do the hard work for you with our Pennsylvania privacy policy generator. Reach out today to schedule a demo, or learn more about our privacy tools!