New Jersey Assembly Bill A548

The amendments presented by A548 specifically focus on improving customer protection against identity theft by ensuring timely notifications about potential breaches. By tightening the disclosure timeframe, the bill is designed to foster greater accountability among businesses, potentially enhancing the trust of consumers in how their personal data is handled. Conversely, some businesses may find this mandate burdensome, particularly smaller entities that might struggle to comply promptly under the threat of penalties for non-disclosure.

Bill A548 aims to revise and enhance the disclosure requirements for businesses and public entities in New Jersey that experience a breach of security involving computerized records containing personal information. The primary provision of the bill mandates that such entities must inform affected customers within five business days following the discovery of a breach. This change enforces a stricter timeline compared to previous regulations, which required disclosure 'in the most expedient time possible'. Importantly, exceptions to the notification requirement exist if an investigation determines that misuse of the information is not reasonably possible, a decision that must be substantiated in documentation.

Discussions around A548 have spurred concerns regarding the implications of increased burdens on businesses, especially in terms of the capacity to manage data breaches effectively and the costs associated with swift disclosures. Critics argue that the five-day requirement could be overly aggressive, emphasizing the need for flexibility in circumstances where law enforcement involvement is necessary or where investigations into the scope of breaches are still ongoing. Additionally, there are apprehensions about how this bill may intersect with existing state and federal regulations, including the potential overlap with the provisions of the federal 'Fair Credit Reporting Act'.