Data Breach Notification Measure Signed by Governor

Gov. Phil Murphy Friday signed into law legislation (S52, now P.L.2019, c.95) that amends the section of the state’s Consumer Fraud Act that requires businesses disclose to consumers breaches involving personal information.  

The new law will widen the scope of information that, if breached, will require notification to include user names, email addresses or any other account holder identifying information, in combination with any password or security question and answer that would permit access to an online account. It also provides an alternative method of notification in certain instances.

The law requires that breach alerts would be provided to state resident consumers through written notice, electronic notice, or if the business or entity demonstrates that the cost of providing notice would exceed $250,000, or that the number of affected consumers exceeds 500,000, or if the business or public entity does not have sufficient contact information, a substitute notice would include an e-mail notice, a posting of the notice on the business or entity's website and notification to major statewide media.