Bill > A1426

Introduced Session

This bill requires businesses and public entities to provide customers with certain notifications following a breach of security that compromises the personal information of customers. Under current law, following a breach of security, a business or public entity is required to disclose the breach of security of those computerized records following discovery or notification of the breach to any customer who is a resident of New Jersey whose personal information was, or is reasonably believed to have been, accessed by an unauthorized person. The bill requires that customers receive this notification through either written or electronic notice. Under the bill, businesses and public entities may no longer provide notification through substitute notice, which is permitted under current law for certain breaches of security. The bill requires the notice to contain contact information, including a toll free telephone number, of a customer representative of the business or public entity who is available to give the customer information on: (1) what information has been compromised and potential consequences of the breach of security; (2) how the company or public entity is addressing the breach; (3) what steps the customer may take to safeguard the customer's information; and (4) notification that the customer has access to free credit reports. The bill, provides that whenever a business or public entity that compiles or maintains computerized records that include personal information on behalf of another business or public entity experiences a security breach, the third party entity is responsible for reimbursing the business or public entity the cost of notifying its New Jersey customers of the security breach, as required under current law, and the cost incurred for providing customer access to independent credit reports, as required by the bill. Additionally, for a period of six months following notification of a breach of security, the business or public entity is required to provide a customer with access to independent credit reports from a consumer reporting agency (CRA). When the business or public entity notifies a customer of a security breach, it would also provide notice of the customer's access to free credit reports. The business or public entity is to supply the appropriate contact information of the CRA. The business or public entity, or the third party entity that compiles or maintains computerized records on its behalf, would pay any fees to the CRA for supplying the customer with a credit report once per month for a period of 12 months following the customer's initial request for a credit report.

AI Summary

Committee Categories

Jim Kennedy (D)*,  Kevin Rooney (R)*,  Daniel Benson (D),  Raj Mukherji (D), 

Introduced, Referred to Assembly Consumer Affairs Committee (on 01/11/2022)

Official Document