Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
A bill to protect the privacy of shoppers’ personal data embedded in identification-card bar codes scanned by retail businesses passed the New Jersey legislature and is awaiting action by Gov. Chris Christie (R).
The state Assembly approved the Personal Information and Privacy Protection Act ( A2794/S1913) unanimously June 22, following unanimous approval by the state Senate June 15. Christie’s office has a policy against commenting on pending legislation, so his intentions aren’t known.
The bill, which was triggered by 2015 news reports of consumer complaints against stores scanning driver’s licenses and retaining the data, would set seven purposes for which that would be allowed—including verification of identity, age, or authenticity. Under the bill, retailers may retain the personal data but are required to store it securely. Any security breach would trigger reports to the affected consumers and the state police.
The bill would limit the information collected to name, address, date of birth, state of issuance, and identification card number, and also prohibit sharing the information with third parties for marketing, advertising, or promotions.
It remained unclear, however, how much additional security the bill would provide.
“At first blush, this seems to be a business protection law disguised as a consumer protection law,” Adam Levin, a former director of the New Jersey Division of Consumer Affairs, told Bloomberg BNA June 23. “It seems to allow every merchant, if they want, to scan a driver’s license for almost any transaction,” Levin said.
The retail sector “has been a sieve” for personal information, and the information allowed under the New Jersey bill would be enough for hackers “to launch a serious phishing attack,” Levin, chairman of the CyberScout LLC consulting firm in New York, said in a phone interview.
Mitch Feather, who runs the Creative Associates data security consulting firm in Madison, N.J., told Bloomberg BNA June 23, that the impact of the bill would “be nil” for New Jersey businesses already in compliance with a host of state and federal privacy laws.
Businesses commonly scan the bar codes on identification cards to verify the authenticity of the card, check the consumer’s age and identity, and prevent fraudulent merchandise returns, the bill’s sponsors said while announcing the Assembly passage.
Those practices would be permitted and scanning the bar codes would also be allowed to establish or maintain a contractual relationship.
Violators of the bill’s provisions would face a $2,500 civil penalty for a first offense and $5,000 for any subsequent offense. They may also face court actions to recover damages.
Those fines may be just the cost of doing business compared with, for instance, a Massachusetts law that sets a $5,000 fine for each name in a data base that has been breached, Levin said. Allowing court actions for damages also sounds good, but it is difficult for consumers to win those cases, which can be time-consuming and cumbersome, Levin said.
To contact the reporter on this story: John Herzfeld in New York at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Full text of the bill is available at http://src.bna.com/qab.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)