A group of New Jersey lawmakers said recent data breaches at Staples, Home Depot, Target and more have exposed a glaring loophole in the state’s identify theft laws that they want to close.
On Thursday, the Assembly Consumer Affairs Committee approved a measure to help ensure that consumers are informed of security breaches made to their account.
“Consumer notification is critical. If there’s a time where information is going to be compromised we want the consumer to know exactly what has been compromised,” said Assemblyman Troy Singleton (D-Mount Laurel).
Current law requires businesses to disclose breaches involving personal information such as Social Security numbers, addresses, driver’s license numbers, or credit or debit card numbers, in combination with any required security code, access code, or password that would permit access to an individual’ financial account.
The legislation co-sponsored by Singleton would also require companies to tell consumers if their user names, email addresses or security questions and answers that allow access to an online account have also been compromised in a data breach.
“We want to be in a position to be proactive and say, ‘If this happens let the consumer know everything.’ Any time there’s a breach of security everyone should know everything that happened and I think that’s what we want to encourage,” Singleton said.
Between 2005 and 2014, there have been 4,695 breaches exposing 633 million records, according to the Identity Theft Resource Center, a nonprofit organization that provides identify theft information to consumers. The average cost of a breach to an organization is estimated at $3.5 million.
It’s clear consumers are concerned about data breaches.
The bill is co-sponsored by Assembly members Ralph Caputo (D-Belleville), Mila Jasey (D-Maplewood), Joe Lagana (D-Paramus) and Annette Quijano (D-Union). The measure is modeled after a law that took effect in California in early 2014.