Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
By Lorraine McCarthy
The Assembly Consumer Affairs Committee reported A. 3146, which would amend the New Jersey statute that requires businesses and public entities that compile or maintain computerized records containing information that permits access to an online account to disclose any breach of the security of the information.
N.J. Stat. Ann. § 56:8-163 requires disclosure of data security breaches involving (1) Social Security numbers, (2) driver's license numbers or (3) credit or debit card numbers, in combination with any required security code, access code or password that would allow access to an individual's financial account.
A. 3146 would amend Section 56:8–161 to expand the list of breaches requiring disclosure to user names, e-mail addresses or any other account holder identifying information, in combination with any password or security question and answer that would permit access to an online account.
“Identity theft is one of the fastest growing crimes in the country,” Assemblyman Troy Singleton (D), a co-prime sponsor of the measure, said in an Oct. 23 statement. “What we have learned from the recent security breaches at major retailers is that they can happen anywhere and to virtually any company, large or small. It is essential for consumers to be kept informed of data breaches so that they can take the necessary steps to protect their information.”
The Assembly Financial Institutions and Insurance Committee released A. 3322, which applies to health insurance carriers that compile or maintain computerized records containing personal information.
Personal information would be defined as a person's first name or first initial and last name linked with one or more data elements, including his or her Social Security number, driver's license or state identification card number, address or identifiable health information.
Under the measure, the information would have to be encrypted or secured by some other method or technology that made it “unreadable, undecipherable or otherwise unusable by an unauthorized person.”
A password-protection program alone would be insufficient, unless it rendered the personal information unusable by an unauthorized person who operated, altered, deleted or bypassed the password-protection program.
The requirements of the bill would apply to end-user computer systems, such as desktop and laptop computers, tablets or other mobile devices or removable media, and computerized records transmitted across public networks.
Violations would come under the New Jersey Consumer Fraud Act, N.J. Stat. Ann. §§ 56:8-1–56:8–80, which provides for penalties of up to $10,000 for a first offense and $20,000 for subsequent offenses, a cease and desist order from the state attorney general and a potential award of treble damages and costs to the injured party.
Assemblyman Gary S. Schaer (D), who co-sponsored the bill, said in an Oct. 23 statement that it is “a reasonable requirement to protect personal privacy in this digital age.”
Both bills are in position for a floor vote in the Assembly, after which they would move to the Senate.
If enacted, A. 3146 would take effect on the first day of the fourth month after enactment. The effective date for A. 3322 would be the first day of the seventh month after enactment.
To contact the reporter on this story: Lorraine McCarthy in Philadelphia at firstname.lastname@example.org
To contact the editor responsible for this story: Katie W. Johnson at email@example.com
A. 3146, as reported by the Consumer Affairs Committee, is available at http://www.njleg.state.nj.us/2014/Bills/A3500/3146_R1.PDF.
A. 3322, as introduced, is available at http://www.njleg.state.nj.us/2014/Bills/A3500/3322_I1.PDF.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)