Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I ignore my obligations as a service provider with access to personal information in Pennsylvania? What are the requirements?

Based on the context documents provided, as a service provider with access to personal information in Pennsylvania, you cannot ignore your obligations. There are specific requirements that you must follow to ensure the protection of customer information.

Requirements for Governmental Access

Under 18 PACS 5743, investigative or law enforcement officers may require the disclosure of the contents of a communication which is in electronic storage in a communication system for 180 days or less only pursuant to a warrant issued under the Pennsylvania Rules of Criminal Procedure. For communications in electronic storage for more than 180 days, officers may require disclosure by means available under subsection (b). Investigative or law enforcement officers may require a provider of remote computing service to disclose the contents of any communication only if they obtain a warrant issued under the Pennsylvania Rules of Criminal Procedure or with prior notice from the investigative or law enforcement officer to the subscriber or customer.

Customer Information

Under 52 PACO Section 63.131, a telecommunications company subject to this subchapter shall treat customer communications and customer information as confidential. Except for the limited instances provided in this subchapter, release of customer information to the public shall be permitted only on the authority of the customer. When a telecommunications company or its authorized employees, agents or independent contractors utilize customer information, they shall do so only when necessary and only to the extent necessary to accomplish legitimate and authorized purposes, as set forth in this subchapter. Telecommunications companies and their employees, agents or independent contractors shall make every reasonable effort to avoid the unauthorized dissemination of customer information to the public. A telecommunications company, its employee, its affiliates or subsidiaries, or an agent or independent contractor that has entered into a contractual relationship with the telecommunications company and handles customer communications and customer information is subject to this subchapter.

Use and release of personal information.

Under 43 PACO Section 1.14, personal information about participants in veterans’ programs may be used and released under certain conditions and for certain purposes. For example, personal information may be released to the participant or person designated by the participant, upon request or with the written consent of the participant, or his authorized agent or attorney in fact, to whom the information pertains. Personal information may also be released for any official purposes and all routine uses by the Department, the Bureau, the Division, the Commission or the Advisory Councils in processing applications, assessing eligibility, and managing the veterans’ programs, including discussions and dispositions at public meetings of the Commission and Advisory Councils. However, personal information may not be released for commercial or political purposes and excluding any medical records and information that would be considered privileged to confidential under 42 Pa.C.S. § § 5901—5948 (relating to witnesses generally) or under the common law of this Commonwealth.

Authorization required for disclosure of nonpublic personal health information.

Under 31 PACO Section 146b.11, a licensee may not disclose nonpublic personal health information about a consumer unless an authorization is obtained from the consumer whose nonpublic personal health information is sought to be disclosed. However, there are exceptions to this requirement, such as when the disclosure of nonpublic personal health information is necessary for the performance of one or more of the insurance functions identified in subsection (b).

Therefore, as a service provider with access to personal information in Pennsylvania, you must follow the requirements outlined in the relevant statutes and regulations to ensure the protection of customer information.

Jurisdiction

Pennsylvania