Legislation Would Require Companies to Notify Consumers When Online Accounts Are Compromised
(TRENTON) - Legislation Assembly Democrats Troy Singleton, Ralph Caputo, Mila Jasey, Joe Lagana and Annette Quijano sponsored to increase transparency when the security of consumers' personal information is compromised online received final legislative approval Friday and now heads to the governor.
"The Internet has facilitated commerce and increased our access to services and information, but the unfortunate downside is that even a single breach of security online can open the door to identity theft," said Singleton (D-Burlington). "Consumers have a right to know whenever their personal information is at risk so that they can immediately take the appropriate action."
The bill (A-311) would add user names and email addresses or any other identifying information in combination with a code or password that would permit access to an individual's online account to the list of information that, if revealed, warrants disclosure of a security breach by businesses and public entities that compile or maintain digital records.
Current law requires disclosure when personal information - including an individual's first name or first initial and last name linked with any one or more of the following data elements: a Social Security number; a driver's license number or state identification card number; an account number; or a credit or debit card number - in combination with any required security code, access code or password that would permit access to an individual's financial account, is revealed due to a security breach.
"Individuals can't protect themselves if they don't know a security threat exists," said Caputo (D-Essex). "This bill will help ensure that affected consumers can quickly change their passwords or contact the authorities when necessary."
"Requiring companies to notify consumers of an online security breach will allow people to monitor their accounts and be more vigilant than usual when necessary," said Jasey (D-Essex/Morris). "When it's the consumer's personal information at stake, the consumer should have the opportunity, at the very least, to try to rectify the situation."
"When consumers are kept in the dark regarding the status of their personal information, the identity thief has the upper hand," said Lagana (D-Bergen/Passaic). "This bill simply is about making sure that people have the information they need in order to make the best decisions regarding their accounts."
"Adding information like user names and email addresses to the list of information that would require notification in the event of a security breach would ensure that state statute is equipped to handle the nature of modern technological threats," said Quijano (D-Union). "Our laws have to reflect the fact that, as Internet use becomes a part of more people's everyday lives, any compromise of online security is a very serious issue."
The bill was approved 32-0 today by the Senate, and 72-0 by the Assembly on April 7, 2016.