BillTrack50 logo
Free Signup Login
Bill

Bill > A6098

NJ A6098

NJ A6098
Requires businesses in financial, essential infrastructure, and health care industries to report cybersecurity incidents.

summary

Introduced
12/02/2021
In Committee
12/02/2021
Crossed Over
Passed
Dead
01/11/2022

Introduced Session

2020-2021 Regular Session

Bill Summary

This bill would require sensitive businesses to report certain cybersecurity incidents promptly to the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). For the purposes of this bill, a "cybersecurity incident" means an event occurring on or conducted through a computer network that jeopardizes the integrity, confidentiality, or availability of, or information residing on, computers, information systems, communications systems networks, physical or virtual infrastructure controlled by computers, or information systems. The bill would direct the NJCCIC to audit the relevant business no later than 30 days after being made aware of an incident. Cybersecurity audits would be conducted by a qualified and independent cybersecurity company at the sensitive business' expense.

AI Summary

This bill would require sensitive businesses in the financial, essential infrastructure, and healthcare industries to promptly report certain cybersecurity incidents to the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). The NJCCIC would then be required to audit the sensitive business's cybersecurity program and any actions taken in response to the incident within 30 days. The audit would be conducted by a qualified and independent cybersecurity company at the sensitive business's expense, and the business would be required to submit the audit and any corrective action plans to the NJCCIC.

Committee Categories

Business and Industry

Sponsors (2)

Last Action

Introduced, Referred to Assembly Financial Institutions and Insurance Committee (on 12/02/2021)
(1 Companion Bills)

bill text

bill summary

Loading...

bill summary

Loading...
Loading...