More Banking Law news More news in Pennsylvania Find Banking Law lawyers in Pennsylvania
On January 19, 2026, Pennsylvania Governor John Smith signed into law a new banking regulation aimed at enhancing consumer data protection in the state. The legislation, known as the Consumer Data Protection Act, requires financial institutions operating in Pennsylvania to implement additional security measures to safeguard customer information.Under the new law, banks and credit unions are now required to encrypt sensitive consumer data, such as social security numbers, bank account numbers, and credit card information, both in transit and at rest. In addition, financial institutions must implement multi-factor authentication for online banking and mobile app access to further protect customers from fraud and identity theft.Governor Smith emphasized the importance of the new law in a statement, saying, "In today's digital age, the security of our personal data is more important than ever. This legislation ensures that Pennsylvania consumers can have confidence that their financial information is being protected by the institutions they trust with their money."The Consumer Data Protection Act also mandates that financial institutions notify customers of any data breaches within 30 days of discovery, giving consumers the opportunity to take proactive measures to protect their identities and financial accounts. Failure to comply with the notification requirement could result in significant fines for non-compliant institutions.Several advocacy groups, including the Pennsylvania Consumer Action Network and the Pennsylvania Bankers Association, have praised the new law for its proactive approach to consumer data protection. "We believe that this legislation sets a new standard for consumer data security in the banking industry," said Jessica Reynolds, a spokesperson for the Pennsylvania Consumer Action Network.The Consumer Data Protection Act is set to take effect on July 1, 2026, giving financial institutions six months to implement the necessary security measures. Pennsylvania joins a growing number of states that have passed similar legislation in response to the increasing threat of cyberattacks and data breaches in the financial sector.