In the wake of the Marriott/Starwood Hotels data breach which may have exposed personal information of up to 500 million guests, a bill sponsored by Assembly Democrats Ralph Caputo and Carol Murphy that would require consumers to be notified of online account security breaches was signed into law by Governor Phil Murphy Friday.
Current law required businesses and public entities that compile digital information to notify consumers of breaches involving personal information, such as Social Security numbers, driver’s license numbers, or credit and debit card information.
This new law (formerly A-3245) would amend those standards to include usernames, email addresses, and any passwords or security questions and answers that would permit access to an online account.
Under the measure, if breaches occur, consumers would have the opportunity to change their online account information quickly and monitor for potential identity theft, according to Caputo.
“Protecting the security of online accounts is important for consumers, as a breach of security of these accounts can lead to the compromise of personal information and expose consumers to identity theft,” said Caputo (D-Essex). “If an individual’s personal information has become unwillingly available to someone else, they have the right to know as quickly as possible.”
Data breaches happen almost daily. The latest high-profile breach impacted customers of Starwood Hotels and Resorts, a subsidiary of Marriott International. The company announced last week that an unauthorized party had access to the Starwood guest reservation database for four years. The database contained guest information which includes names, addresses, phone numbers, email addresses, passport numbers, date of birth, reservation dates, and credit and debit card information.
Other large companies like Yahoo!, Ebay, Equifax, and Target have been victims of data breaches in the past several years.
“Data breaches are an unfortunate side effect of the technological age in which we live. The reality is, many people give out their personal information when shopping or doing business online without a second thought,” said Murphy (D-Burlington). “When those breaches inevitably occur, we have to make sure those potentially impacted have the chance to take steps to secure their information.”
New Jersey joins six other states in implementing such legislation.