Bill > S1352

This bill revises the requirements for disclosure of a breach of security of certain computerized records containing personal information. The key provisions are: 1. Businesses or public entities that maintain computerized records with personal information must disclose a breach to affected customers within 5 business days, unless law enforcement requires a delay or additional time is needed to determine the scope of the breach. 2. Businesses or public entities must report the breach to the State Police before notifying customers. 3. Notification can be provided through written, electronic, or substitute notice (e.g., website posting, media notification) if the cost or number of affected individuals exceeds certain thresholds. 4. For breaches involving only a user name or password, the business or public entity can provide notification directing the customer to change the login credentials. 5. Businesses that provide email accounts cannot notify the affected email account of the breach, and must use another method of notification.

Business and Industry

https://www.njleg.state.nj.us/bill-search/2022/S1352