More than 4 million NJ state residents were affected by data breach hacks in 2017. That alarming total has led state lawmakers to place increased focus upgrading the state’s legislative tools so people can better protect themselves.
The most significant chance for reform is NJ Senate bill S-52, which would make companies take a wider view of the definition of “personal information” in the wake of a data breach. The hope is that this will allow more people to be informed when any of their information is compromised in a hack.
“You take someone’s user name and password…and that can already be linked to their credit card account” said Sen. Troy Singleton, D-Burlington, explaining the need to expand the definition.
In addition, the bill would strengthen the timeline requirement for companies to disclose when their data has been compromised. The current legal requirement of “expediency” would be replaced with a hard deadline of five days. Law enforcement would have the option to extend that deadline if necessary for an investigation.
Currently, the bill has passed both houses of the NJ legislature and is awaiting the governor’s signature.
In addition to S-52, several other measures are currently being considered by the legislature. For example, S-2834 would require companies not only to inform users that their data is being collected, but also give them the chance to refuse permission to share that information with third parties.
Businesses have come out strongly against the measure, a stance that is not at all surprising given how valuable data is to companies as a product.
Gerard Keegan, vice president for state legislative affairs with a communications trade industry, told legislators that moves to hinder corporate monitazation of data were unethical.
“Many news sites, online content providers, apps provide those services and products free of charge because they are supported by advertising,” she said. “To force those companies to still provide those services and products to consumers who won’t share identifying information with advertisers is wrong and will possibly lead to those companies’ being shut down in the state.”
Sources: