U.S. state you are currently residing in is Pennsylvania, research its breach notification law. Note that some states do not label it as such, but all 50 states have some form of legislation that mandates an organization’s responsibilities when a data breach affects the state’s citizen’s private, protected information.
Some research resources to consider include your textbook, of course; the UC Library, particularly via the Nexis Uni database; the state’s governmental websites; the state bar association’s (legal profession) website; Cornell University’s legal website; etc. Describe your state’s law including at least these considerations:
What types of organizations or individuals does it apply to?
Is it limited to only those organizations or individuals who reside or exist in that state, or might it affect external interests?
How does the law define or describe the information that it protects, by both name and description?
What exemptions, if any, exist?
What are the penalties for violating the law?
In your opinion, is it effective? Good law? Needing updating? What other critiques or opinions do you have about it?
500 words APA format needed with references