The legislation, sponsored by Troy Singleton,D-7th of Palmyra, is designed to broaden the scope of current law that requires businesses and public entities to disclose breaches of personal information.
TRENTON — Notification requirements of online account security breaches could soon be increased in the state.
The state Senate Commerce Committee approved a bill last week to expand the types of personal information that would trigger notifications to consumers after a data breach.
Sponsored by Troy Singleton, D-7th of Palmyra, the legislation would apply to all entities that compiles or maintains computerized records and supplements.
“With online databases and private account information being hacked so frequently now, consumers are more vulnerable to exposure and harm,” Singleton said. “When a data breach occurs and sensitive or confidential protected data is accessed or disclosed without authorization, we have a right to know. This bill’s notification requirement puts consumers on alert to monitor for potential identity theft and helps them to quickly change online account information and prevent outside access to the account.”
The legislation is designed to broaden the scope of current law that requires businesses and public entities to disclose breaches of personal information when an individual’s first name or initial and last name are linked with a social security card number, driver’s license number or state identification card, credit or debit card numbers, in combination with any required security code, access code, or password that would permit access to a person’s financial account.
If signed into law, the bill would mandate that consumers in the state be notified in writing of any security breaches that may affect them. If the business or entity can show that providing notices would exceed $250,000 or affects more than 500,000 consumers, or does not have sufficient contact information, the notice can be done through email or by posting on the company’s website and notification to statewide media.
If an email address and password is among the information compromised in the security breach, the business or entity would not be able to satisfy notice requirements by sending an email to the compromised accounts and would be required to provide a clear and conspicuous notice delivered to the consumer online while he or she is connected to the online account from an IP address or location the business knows the resident connects from regularly.
The legislation would be a supplement to the Consumer Fraud Act.
“This bill will bolster consumers’ rights to privacy and protection and instill a greater sense of security,” Singleton said
The bill will now head to the full Senate for consideration.
Last year, similar legislation was passed by the Senate by a vote of 33-0, but was vetoed by then-Gov. Chris Christie.