Fines for violating 18 Pa.C.S. §4107 range from $50 to $500.
Any business that has its principle place of business, is registered, or headquartered in Pennsylvania would be required to comply with the law regardless of whether or not the data being collected belonged to a Pennsylvania resident.
The Attorney General has the power to “investigate and to institute criminal proceedings for any violation of this section or series of such violations involving more than one county in the Commonwealth, or involving any county of the Commonwealth and another state.”
Any survey, opinion, and marketing research company not located in Pennsylvania that might gather data on any Pennsylvania resident should comply with the law, since Pennsylvania’s long-arm statute may allow researchers outside the state to be prosecuted.
Violating the Law
However, a consumer harmed by an accidental breach of a company’s privacy policies may be able to sure the data holder on other grounds.
As always, MRA recommends compliance with this law even if you don’t think it specifically applies to your company by keeping firm practices consistent with stated policies. Litigating these kinds of issues can be very costly, even if your company is eventually successful. And compliance with the Pennsylvania law will help you keep compliant with the FTC Act.
This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.