In the wake of several massive data breaches, consumer privacy (or lack thereof) has become a growing concern. For some, more surprising than the breaches was learning how much personal information companies collect from consumers—everything from Social Security numbers and email addresses to location data and demographics—and how much personal information is being sold or otherwise disseminated. As a result, legislation is being enacted around the world requiring companies to inform consumers about the collection and use of their personal information. Most notably in 2018, the European Union’s General Data Protection Regulation, commonly referred to as the GDPR, established groundbreaking consumer rights over the collection, retention and dissemination of personal information. In the United States, in the absence of federal consumer privacy law, states are enacting privacy legislation focusing upon: requiring transparency around the consumer personal information that companies are collecting and using; and providing consumers with control over the personal information. For example, California enacted the California Consumer Privacy Act (CCPA), which takes effect on Jan. 1, 2020.

Now, Pennsylvania is following suit. On April 5, Pennsylvania introduced House Bill 1049, which is currently pending before the Committee on Consumer Affairs. House Bill 1049, modeled after the CCPA, addresses consumer data privacy by setting forth the rights of consumers as well as the duties of companies relating to the collection of consumer personal information. Therefore, companies doing business in Pennsylvania should familiarize themselves with its key provisions and prepare for its enactment.

Important Provisions