Pennsylvania House Bill 1010: Protecting Consumer Data from Cyberattacks


Consumer data has become one of the most important topics of the 21st century. The rise of the digital world we know today has brought to light a whole new threat to the average consumer. Individuals’ personal data is often at risk when we use various online platforms. There have been a large number of data breaches in which personal information has been stolen, instances of large companies collecting our data and selling it to the highest bidder, and many cases of data such as credit card information and social security numbers being stolen. A number of laws at the state and federal level have been enacted to attempt to reduce the instances of these data breaches. Pennsylvania House Bill 1010 is another one of these bills. The proposed legislation would put in place a number of requirements that would force entities to do more to protect their customers’ personal data.

House Bill 1010 would take steps to ensure that entities are vigilant in reporting data breaches to those that may be affected by the breach and would provide a cause of action to those affected by a breach. The proposed legislation provides that “an entity that maintains, stores, or manages computerized data that includes personal information shall provide notice of a breach of the security of the system following discovery of the breach of the security of the system to a resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person.” There is a lot to unpack here. An “entity”, as defined by the definition section of this bill, is a government agency, a political subdivision, or an individual or a business doing business in the commonwealth. The bill would require an entity to report any actual or reasonably suspected breach of personal data that is held by the entity.

What is included in personal data? We will again look to the definition section. HB 1010 defines personal data as “an individual’s first name or first initial and last name in combination with and linked to any one or more of the following data elements when the data elements are not encrypted or redacted: 1) social security number; 2) driver’s license number or a state identification card; 3) financial account number, credit card number, or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial account; 4) passport number; 5) a username or email address, in combination with a password or security question and answer; 6) medical history…; 7) health insurance policy number…; 8) unique biometric data… 9) taxpayer identification number.” I personally know I have entered information that would fall under many of these categories into an online system before. It is scary to think that there isn’t already a protection system in place to ensure the integrity of this data, and that is why we have seen some of these massive data breaches in the past.

It is difficult to know the effects that this proposed legislation may have on business in the commonwealth, as it is really all speculation until and if it does become law. HB 1010 applies to unencrypted data, so it seems that one good measure to take would be to encrypt consumer data if you are collecting consumer data. This may be difficult and expensive for small businesses, however, and therefore may not be adhered to. Some entities will undoubtedly opt not to encrypt data and take their chances, which could potentially expose their customers to data breaches and would subsequently make these entities susceptible to civil litigation.

House Bill 1010 also provides a cause of action for consumers whose personal data is affected by a data breach. The proposed legislation provides that “a resident of this Commonwealth who is adversely affected by a violation of this act… may bring an action to: 1) enjoin further violations of this act. 2) recover the greater of actual damages or $5,000 for each separate violation of this act.” The threat of civil litigation hopefully would force entities to be more vigilant in the protection of their customers’ data and would provide customers affected by a data breach at least some compensation for their stolen information. However, it is difficult to put a price on stolen information. The proposed legislation would provide for affected customers to recover up to $5,000, but the actual damage to an individual consumer could be far greater than that. Identity theft is an incredibly difficult situation to deal with and can have effects that follow an individual for years.

House Bill 1010 is merely proposed legislation so there is no actual way to measure how and if it will affect businesses in the commonwealth. However, data security is something that is extremely important and should be taken seriously by businesses in the commonwealth, whether it is required by legislation or not. Stay vigilant to protect your business and your customers by going to appropriate lengths to ensure that you are protecting consumer data. If your business collects large amounts of consumer data it should be encrypted and kept on secure servers. Stay up to date on current and proposed cybersecurity legislation that may affect your business, including House Bill 1010. The best way to protect your business and your customers is to stay proactive and take the appropriate measures to keep your data secure.

 


Sources:

https://www.legis.state.pa.us//cfdocs/Legis/CSM/showMemoPublic.cfm?chamber=H&SPick=20190&cosponId=27434

https://www.legis.state.pa.us/cfdocs/legis/PN/Public/btCheck.cfm?txtType=PDF&sessYr=2019&sessInd=0&billBody=H&billTyp=B&billNbr=1010&pn=1160


Pennsylvania’s Online Sales Tax and How it May Affect Your Business


Residents of Pennsylvania have long enjoyed the luxury of shopping online without paying the 6% Pennsylvania sales tax imposed in physical stores within the commonwealth. This changed last July with the enactment of Pennsylvania Act 13 of 2019, otherwise known as Pennsylvania House Bill 262, which has brought a number of changes in the way the commonwealth collects sales taxes.

What is House Bill 262?

The Pennsylvania Department of Revenue has created a page on their website to help synthesize the ramifications of House Bill 262. The page can be found here. HB 262 mandates that businesses that generate at least $100,000 in revenue in the commonwealth must register, collect, and remit sales tax. The law goes further to define what this means. The law states that “vendors who have no physical presence but whose direct sales and facilitated marketplace sales attributed to Pennsylvania exceed $100,000.” The law is written broadly to ensure that no methods of generating revenue in this manner are excluded, such as companies that make sales through mail order catalogs or companies that make sales over the phone. However, it is clear that the largest sector of companies affected by this law is companies that generate revenue through online sales.

The Pennsylvania Department of Revenue goes on to define a “marketplace facilitator.” A marketplace facilitator according to the Department of Revenue is as follows: “a marketplace facilitator contracts with marketplace sellers to list or advertise the sellers’ goods and services for sale through a marketplace.” Some examples of a marketplace facilitator would include companies such as Amazon, eBay, etc. A marketplace seller is the individual or company who contracts with the marketplace facilitator to sell their goods on the facilitator’s platform.

House Bill 262 applies to sellers and facilitators that “have no physical presence but whose direct sales and facilitated marketplace sales attributed to Pennsylvania exceed $100,000.” The Pennsylvania Department of Revenue goes on to explain that the law applies to “all marketplace facilitators and online sellers who maintain a place of business by having economic presence.” That is to say that the sellers and facilitators are not located within the commonwealth, but maintain an economic presence in the commonwealth. Maintaining an economic presence in the commonwealth is defined by the Department of Revenue as determining on a year-to-year basis, using a calendar year, if the seller or facilitator has reached the sales threshold of $100,000. Economic presence is solely determined on the basis of the yearly sales threshold; the number of transactions made by the facilitator or seller within the commonwealth is irrelevant.


Ensuring Compliance with House Bill 262

There are a number of factors to consider to determine if you must comply with this particular law. Ask yourself these questions about your operation:

  1. Do you maintain a physical presence in Pennsylvania?
  2. Are you considered a marketplace facilitator or a marketplace seller?
  3. Do you maintain an economic presence in Pennsylvania?
  4. Does that economic presence exceed the sales threshold?

If you answered yes to the first question, then go no further. If you maintain a physical presence in Pennsylvania you must register, collect, and remit Pennsylvania sales tax whether your sales occur online or in a physical location. If you do not maintain a physical presence in Pennsylvania then you must ask yourself the next three questions listed. If you answer no to the first question but yes to the final three (you do not maintain a physical presence in the commonwealth, but you are considered a marketplace facilitator or seller, you do maintain an economic presence in Pennsylvania, and that economic presence exceeds the $100,000 sales threshold), then you also must register, collect, and remit Pennsylvania sales tax. If you are a seller or facilitator with no physical presence in the commonwealth but the other conditions of the law do apply to you, there are a number of resources available to help ensure you are in compliance. The link referenced above has a section that lists a number of approved Certified Service Providers that you can use to report and remit the sales tax to the Pennsylvania Department of Revenue.

The wheels of progress are always turning, and technological advances alter the way that certain aspects of life operate. The rise of online shopping has made it easy and convenient to do your shopping from the comfort of your own home. However, governments must adjust their laws in order to keep up with this ever-changing society. Pennsylvania House Bill 262 is a prime example of this. Take the necessary steps to ensure compliance with this law so that your business can continue to operate and thrive in an ever-changing world.

References:

https://www.revenue.pa.gov/GeneralTaxInformation/Tax%20Types%20and%20Information/SUT/OnlineRetailers/Pages/default.aspx

https://www.revenue.pa.gov/GeneralTaxInformation/TaxLawPoliciesBulletinsNotices/TaxSummaries/Documents/2019_tax_summary.pdf

https://www.legis.state.pa.us/cfdocs/billinfo/billinfo.cfm?sYear=2019&sInd=0&body=H&type=B&bn=262

https://www.inquirer.com/news/pa-online-sales-tax-effective-july1-compliance-software-20190702.html
