Shostack + Friends Blog Archive

 

New Jersey's breach law

New Jersey’s breach notification law went into effect in mid-December 2005. Like New York’s, it requires that a state entity be notified, in addition to the persons whose info was exposed:

c. (1) Any business or public entity required under this section to disclose a breach of security of a customer’s personal information shall, in advance of the disclosure to the customer, report the breach of security and any information pertaining to the breach to the Division of State Police in the Department of Law and Public Safety for investigation or handling, which may include dissemination or referral to other appropriate law enforcement entities.

NJ’s Breach Notice Law [link to http://www.njleg.state.nj.us/2004/Bills/A3500/4001_U1.HTM no longer works]
Ah. Unlike New York’s law, New Jersey’s makes that entity the State Police. NJ doesn’t consider [link to http://lis.njleg.state.nj.us/cgi-bin/om_isapi.dll?clientID=384994&Depth=2&depth=2&expandheadings=on&headingswithhits=on&hitsperheading=on&infobase=statutes.nfo&record={131F9}&softpage=Doc_Frame_PG42 no longer works] information “for use by any law enforcement agency in this State or any other state or federal law enforcement agency” to be a government record, so perhaps the required notices needn’t be released (IANAL).