Legislation Would Require Companies to Provide Detailed Notifications & Access to Free Credit Reports for up to a Year
In the wake of the recent massive security breach at Target, Assemblywoman Linda Stender introduced legislation on Thursday that would protect consumers in the event of any future security breaches that compromise sensitive financial data.
“What happened with Target was nearly unprecedented and, consequently, created unprecedented nightmares for consumers who had their data stolen,” said Stender (D-Middlesex/Somerset/Union). “While Target has been working with customers to help them monitor their finances, we want to make sure that, god forbid this happens again, consumers will be empowered to monitor their credit and take action on their own.”
Stender’s bill takes a two-fold approach, requiring businesses and public entities to provide customers with certain notifications following a breach of security that compromises personal information and to provide customers with a free monthly copy of their credit report for up to 12 months.
Under current law, a business or public entity must disclose a breach of security of computerized records to any customer who is a resident of New Jersey whose personal information was, or is reasonably believed to have been, accessed by an unauthorized person.
Stender’s bill would require that this notification must be provided through either written or electronic notice. Under the bill, businesses and public entities may no longer provide notification through substitute notice, which is permitted under current law for certain breaches of security.
Specifically, the bill provides that the notice must contain contact information, including a toll free telephone number, of a customer representative of the business or public entity who is available to give the customer information on:
1) what information has been compromised and potential consequences of the breach of security;
2) how the company or public entity is addressing the breach;
3) what steps the customer may take to safeguard the customer’s information; and
4) notification that the customer has access to free credit reports.
“Global consumerism has unfortunately made these types of breaches more commonplace in recent years,” added Stender. “We’re never going to be able to thwart them entirely, but we can empower consumers to protect themselves before irreparable damage is done to their credit or finances.”
Additionally, under the bill, for a period of six months following notification of a breach of security, the business or public entity must provide customers with access to independent credit reports from a consumer reporting agency and pay any fees required for supplying the customer with a credit report once per month for a period of twelve months following the customer’s initial request for a credit report.
The customer shall be notified of their right to access to free credit reports when the business or public entity notifies the customer of the breach of security.