Singleton Bill to Require Disclosure of Online Account Security Breaches Signed into Law

Trenton – Legislation sponsored by Senator Troy Singleton, which would expand the types of “personal information” that would trigger a notification to customers if breached to include online account information, was signed into law by Governor Phil Murphy today.

“With online databases and private account information being hacked so frequently now, consumers are more vulnerable to exposure and harm,” said Senator Singleton (D-Burlington).  “When a data breach occurs and sensitive or confidential protected data is accessed or disclosed without authorization, we have a right to know.  This new law will bolster consumers’ rights to privacy and protection and instill a greater sense of security.”

The new law will widen the scope of information that, if breached, will require disclosure to include user names, email addresses or any other account holder identifying information, in combination with any password or security question and answer that would permit access to an online account.

The law requires that breach alerts would be provided to state resident consumers through written notice, electronic notice, or if the business or entity demonstrates that the cost of providing notice would exceed $250,000, or that the number of affected consumers exceeds 500,000, or if the business or public entity does not have sufficient contact information, a substitute notice would include an e-mail notice, a posting of the notice on the business or entity’s website and notification to major statewide media.