If signed into law, a bipartisan bill sent by New Jersey legislators to Gov. Phil Murphy would expand data breach notification in the state, requiring companies to alert citizens to breaches of a wider range of personal identifiable information (PII), including user names, passwords, email addresses and security questions.
“When a data breach occurs and sensitive or confidential protected data is accessed or disclosed without authorization, we have a right to know,” Sen. Troy Singleton, D-Burlington, said after the bill he sponsored advanced from committee last year. “This bill’s notification requirement puts consumers on alert to monitor for potential identity theft and helps them to quickly change online account information and prevent outside access to the account. This bill will bolster consumers’ rights to privacy and protection and instill a greater sense of security.”
Bill S-52 is one of a handful of initiatives that New Jersey lawmakers have proposed to bolster security and privacy. The legislature is also expected to mull A-3541, which will would require companies to alert customers to a breach within five days of discovering it. A GDPR-like bill, S-2834, also sponsored by Singleton, would compel companies to inform users of their data collection practices and how information is shared.