New Jersey Amends Data Breach Law, Expanding Definition Of Personal Info

New Jersey last week officially passed Bill S-52, which amends its previous data breach notification law.

Governor Phil Murphy signed the bipartisan legislation into law on May 10, after the bill sailed through the state’s General Assembly and Senate last February.

The new law expands the definition of what constitutes personal information that, if exposed in a breach, would require a company to issue a notification. Once S-52 takes effect on Sept. 1, 2019, personal information will also include a “user name, email address, or any other account holder identifying information, in combination with any password or security questions and answer…” the law states.

“With online databases and private account information being hacked so frequently now, consumers are more vulnerable to exposure and harm,” said State Sen. Troy Singleton, D-Burlington, one of the bill’s sponsors, in a press release. “When a data breach occurs and sensitive or confidential protected data is accessed or disclosed without authorization, we have a right to know.  This new law will bolster consumers’ rights to privacy and protection and instill a greater sense of security.”

Sen. Nia Hill, D-Essex and Passaic; Assemblyman Ralph Caputo, D-Essex; Assemblyman Jay Webber, R-Essex, Morris and Passaic; and Assemblywoman Carol Murphy, D-Burlington are also listed as the bill’s main sponsors.

Last month, Washington state similarly passed a law that also expanded requirements for public breach notifications.

Original Article