PENNSYLVANIA, April 27 - (iii) Educational records.

(iv) Income or other socioeconomic information.

(v) Religious information or information regarding

other beliefs.

(vi) Information regarding food purchases.

(vii) Unique biometric data generated from

measurements or technical analyses of human body

characteristics, including, but not limited to, a

fingerprint, voice print, retinal or iris image or any

other unique physical representation or digital

representation of biometric data.

(viii) Geolocation data.

(ix) Information or data collected through the use

or operation of an automated license plate recognition

system.

(x) A user name or e-mail address, in combination

with a password or security question and answer that

would permit access to an online account.

(2) The term does not include publicly available

information that is lawfully made available to the general

public from Federal, State or local government records.

* * *

Section 2. Section 3(a) of the act is amended and the

section is amended by adding a subsection to read:

Section 3. Notification of breach.

(a) General rule.--

(1) An entity that maintains, stores or manages

computerized data that includes personal information shall

provide notice of any breach of the security of the system

following discovery of the breach of the security of the

20210SB0608PN0670 - 4 -

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30