You may have started to read about changes that may directly affect your organization. In response to Europe’s new GDPR law.

In response to Europe’s new GDPR law, states have begun to draft and implement additional privacy laws and regulations. My home state of New Jersey is now attempting to lead the charge forward in seeing these new policies are in place.

We all know that security of credentials is critical to preventing data breaches, but now we have arrived at a point of what else defines “personal information”. States are not considering passwords and other credentials to be labeled personal information.

“The measure closest to becoming law, S-52, would force companies to disclose data breaches involving an expanded definition of “personal information.” The bipartisan bill was approved unanimously in the Legislature and now awaits a signature or veto by Governor Phil Murphy.

Current state law mandates that companies tell customers when their driver’s license numbers, Social Security numbers, account numbers or credit or debit card numbers have been compromised. The bill would expand that list to include user names, email addresses, and passwords or security questions and answers that could be used to gain access to an online account.”

For more info:

SENATE, No. 52 – STATE OF NEW JERSEY – 218th LEGISLATURE
https://www.njleg.state.nj.us/2018/Bills/S0500/52_R1.HTM

NJ Releases Annual Statistics on Cyber Breaches – https://www.nj.gov/oag/newsreleases18/pr20181023b.html

Americans and Cybersecurity – http://www.pewinternet.org/2017/01/26/americans-and-cybersecurity/

NJ’s APP News – https://www.app.com/story/news/new-jersey/2019/03/18/nj-data-breaches-notification-cybersecurity-online-privacy-legislation/3013418002/