Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

State Report: New NJ Data Breach Notification Legislation Signed

By Suzette Parmley
June 01, 2019

Legislation expanding the types of personal data that will trigger a required notification to customers in case of a breach, including email addresses and passwords, was signed into law by Gov. Phil Murphy.

The online breach bill, S52, was signed on May 10, 2019.

With his signature, New Jersey joins California, Alaska, Iowa, South Carolina, Virginia and West Virginia with the new online standards to combat the growing menace of data breaches.

Existing law required businesses and public entities that compile digital information to notify consumers of breaches involving personal information, such as Social Security numbers, driver's license numbers, or credit and debit card information.

The new law amends those standards to include usernames, email addresses, and any passwords or security questions and answers that would permit access to an online account.

The legislation amends the Consumer Fraud Act. Penalties that apply to a willful, knowing and reckless violation of the notification requirements are: $10,000 for the first offense and $20,000 for the second and any subsequent offense; and treble damages in a civil suit.

Sen. Troy Singleton (D-Burlington) said it's intended to bolster consumers' rights to privacy and protection and instill a greater sense of security.

“With online databases and private account information being hacked so frequently now, consumers are more vulnerable to exposure and harm,” said Singleton, primary sponsor of S-52 in the Senate with Sen. Nia Gill (D-Essex), in a statement. “When a data breach occurs and sensitive or confidential protected data is accessed or disclosed without authorization, we have a right to know.”

The new law requires that breach alerts be provided to New Jersey resident consumers through written or electronic notice. If the business or entity demonstrates that the cost of providing notice would exceed $250,000, or that the number of affected consumers exceeds 500,000, or if the business or public entity does not have sufficient contact information, a substitute notice would include an email notice, a posting of the notice on the business or entity's website, as well as notification to major statewide media.

The bill's sponsors had companies with huge customer databases in mind when amending the current law after a year of high-profile data breaches. Breach victims included Marriott/Starwood Hotels, a subsidiary of Marriott International, whose data breach reportedly may have exposed personal information of up to 500 million guests. The hotel company said that an unauthorized party had four years of access to the Starwood guest reservation database, which contained guest information — including names, addresses, phone numbers, email addresses, passport numbers, date of birth, reservation dates, and credit and debit card information.

Other large companies such as Yahoo, Ebay, Equifax and Target have also been victims of data breaches in the past several years.

Under the new law, if breaches occur, consumers would have the opportunity to change their online account information quickly and monitor for potential identity theft, according to Assemblyman Ralph Caputo (D-Essex), who sponsored companion bill A-3245 in the Assembly with Assemblywoman Carol Murphy (D-Burlington).

“Protecting the security of online accounts is important for consumers, as a breach of security of these accounts can lead to the compromise of personal information and expose consumers to identity theft,” Caputo said in a statement.

The bill passed both chambers with relative ease after being introduced in early 2018. The full Senate approved it Jan. 31 by a 39-0-1 vote, and the Assembly passed it 76-0-0 on Feb. 25.

“Data breaches are an unfortunate effect of the technological age in which we live,” Assemblywoman Murphy said: “The reality is, many people give out their personal information when shopping or doing business online without a second thought.

“When those breaches inevitably occur, we have to make sure those potentially impacted have the chance to take steps to secure their information,” she said.

*****

Suzette Parmley is the Trenton Correspondent who covers the N.J. Supreme Court, N.J. Legislature and Business of Law for the New Jersey Law Journal, an ALM sibling of Cybersecurity Law & Strategy. Prior to joining ALM, she spent a decade and a half at The Philadelphia Inquirer, mostly on the Business Desk as Atlantic City Gaming Writer, Trenton Statehouse Correspondent, and Retail Columnist/Reporter. Suzette is a five-time winner of the Business Financial Writing Portfolio Award given out annually by the New Jersey Press Association. She is a graduate of the Fels Center of Government at the University of Pennsylvania. She can be reached at [email protected] or follow her on Twitter @SuzParmley.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers Image

In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.

Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

CoStar Wins Injunction for Breach-of-Contract Damages In CRE Database Access Lawsuit Image

Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.

Fresh Filings Image

Notable recent court filings in entertainment law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.