February 25, 2020

February 25, 2020

Subscribe to Latest Legal News and Analysis

February 24, 2020

Subscribe to Latest Legal News and Analysis

NJ & NY Propose Amendments To Data Breach Laws

The New Jersey Assembly on December 15 unanimously approved, by a vote of 75-0, a bill designed to better protect consumers from identify theft. Bill A3146, if approved by the Senate, would expand the state’s law to include disclosure of a breach of security of online accounts.

Data Security Illustration, Unlocked

Per the Identity Theft Resource Center, between 2005 and 2014, there have been 4,695 breaches exposing 633 million records. with the cost of a breach to an organization averaging an estimated $3.5 million.

Under the NJ bill, the definition of “personal information” set forth in Section 10 of P.L.2005, c.226 (C.56:8-161) would be amended and expanded to include a combination of user name or email address with any password or security question and answer that would permit access to an online account.  Currently, the law covers breaches involving a combination of a Social Security number, driver’s license number or State identification card number, or account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.  The expansion would allow consumers, upon notice of a breach, “to change their online account information quickly following a breach and put consumers on notice to monitor for potential identity theft,” said one of the bill’s sponsors.

Notably, the New York assembly earlier introduced Bill A10190 which would amend New York’s data breach notification law (NY Gen. Bus. Law 899-aa).  The proposed amendment would require entities which conduct business in New York State, and which own or license  computerized  data  which  includes  private information to develop, implement, and maintain a comprehensive information security program which must be consistent with the safeguards for protection of personal information. The New York amendment would impose requirements nearly identical to those required under Massachusetts law.

Each of these developments should be closely monitored so that companies can ensure compliance.

Jackson Lewis P.C. © 2020


About this Author

Jason C. Gavejian, Employment Attorney, Jackson Lewis, Principal, Restrictive Covenants Lawyer

Jason C. Gavejian is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. and a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

Mr. Gavejian represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination and wage and hour claims in both federal and state courts. Additionally, Mr. Gavejian regularly appears before administrative agencies,...

(973) 538-6890
Marlo Johnson Roebuck, Jackson Lewis Law firm, Labor Employment Attorney
Office Managing Principal

Marlo Johnson Roebuck is the Office Managing Principal of the Detroit and Grand Rapids, Michigan, offices of Jackson Lewis P.C. She represents employers on the myriad of laws governing the workplace, including but not limited to Title VII, the Age Discrimination in Employment Act, and the Americans with Disabilities Act.

With almost two decades of legal experience, Ms. Roebuck's representation includes employment advice and counseling as well as employment litigation. She has successfully represented employers in the health care, financial and professional services, automotive, retail, real estate, education, manufacturing and pharmaceutical industries from internal investigations all the way through trial and appeal. She has attained on behalf of clients no cause verdicts in court and arbitration, and summary judgment, as well as procured reasonable settlements in mediation.