Update and Correction: One of the statements in the following press release seems inaccurate. Please see this post as to the discrepancy between the press release and the bill.
An Assembly panel on Thursday approved legislation sponsored by Assembly Democrats Troy Singleton, Ralph Caputo, Mila Jasey, Joseph Lagana and Annette Quijano to ensure that consumers are informed of security breaches made to their account.
Between 2005 and 2014, there have been 4,695 breaches exposing 633 million records, according to the nonprofit Identity Theft Resource Center. The average cost of a breach to an organization is estimated at $3.5 million.
“Identity theft is one of the fastest growing crimes in the country,” said Singleton (D-Burlington). “What we have learned from the recent security breaches at major retailers is that they can happen to anywhere and to virtually any company, large or small. It is essential for consumers to be kept informed of data breaches so that they can take the necessary steps to protect their information.”
The bill requires businesses and public entities that compile or maintain computerized records that include information to permit access to an online account to disclose to consumers if there is a breach of security of that information.
“Consumer information has become increasingly vulnerable with the popular use of the internet for shopping and banking,” said Caputo (D-Essex). “Immediate and clear notification of company data breaches is critically important to the consumer and the protection of their personal information.”
“Many residents rely on the convenience of online accounts, banking, and credit cards,” said Jasey (D-Essex, Morris). “Timely notification of a security breach is crucial to consumer protection.”
Current law provides that business and public entities must disclose breaches involving personal information such as Social Security numbers, driver’s license numbers, or credit or debit card numbers, in combination with any required security code, access code, or password that would permit access to an individual’ financial account.
“While many companies are working to protect consumers’ personal information from identity thieves,” said Lagana (D-Bergen, Passaic). “This bill underscores the importance of notifying consumers as soon as possible if their personal information is at risk of identity theft.”
“Swift notification of a data breach will put consumers on alert,” said Quijano (D-Union). “Notification allows consumers to change their online account information quickly following a breach and put consumers on notice to monitor for potential identity theft.”
The bill adds user names and email addresses, in combination with any password or security question and answer that would permit access to an online account to this list of breaches requiring disclosure.
The measure was released by the Assembly Consumer Affairs Committee.
SOURCE: NJ Assembly Democrats (press release)
The bill is AB 3146.