New Jersey Expands Data Breach Notification Law to Include Online Account Security
Starting July 1, 2019, New Jersey businesses will be required to notify consumers if a data breach involves online account information that could allow unauthorized access to a consumer’s online account. This change comes as part of a recent update to the state’s data breach notification law, which now includes online account information within its definition of personal data.
Previously, New Jersey’s law defined personal information as details like Social Security numbers, driver’s license numbers, and account numbers linked to financial information. However, with the new amendment, personal information is now expanded to also include a consumer’s online account credentials, specifically usernames, email addresses, and any other identifying information, when combined with a password or answers to security questions that would allow access to an online account.
This update means that if your business experiences a data breach involving online account details, you must notify affected consumers just as you would if other types of personal information, like credit card numbers or Social Security numbers, were compromised.
New Jersey isn’t alone in making this change. Several other states, including Washington, Wyoming, Florida, Rhode Island, and Nevada, have already expanded their data breach laws to include online account information, and Washington’s law will take effect on March 1, 2020. As more states adopt similar measures, it’s becoming increasingly important for businesses to reassess their data breach response protocols to ensure they are in compliance with the latest regulations.
For businesses in New Jersey, this amendment highlights the importance of securing online account information, not just traditional personal data. If your company handles user credentials or any kind of personal identifying information tied to online accounts, it’s crucial to update your security policies to protect that data. Additionally, businesses should ensure they are prepared to notify customers promptly in the event of a breach, in accordance with the state’s updated requirements.
New Jersey businesses should review their current data breach notification practices to ensure they now include any incidents involving online account information. This may require updating your internal procedures, security measures, and even employee training to ensure you are ready to meet the expanded requirements by the July 1 deadline.
© 2019 Cliclaw.com
(Image Credit: iStock Photo)
This article is for information purposes only. It is not intended to be and should not be relied on as legal advice for any particular matter.