NJ Close To Passing Tougher Regulation on Data Breaches

October 29, 2014 – In The News
Philadelphia Business Journal

Scott L. Vernick was quoted in the Philadelphia Business Journal article, “NJ Close To Passing Tougher Regulation on Data Breaches.” Full text can be found in the October 29, 2014, issue, but a synopsis is below.

The New Jersey Assembly panel last week cleared a bill that says business and public entities must notify consumers of breaches involving usernames and email addresses, in combination with a password or security question-and-answer.

According to noted privacy attorney Scott L. Vernick, the proposed legislation is simply catching up to best practices in the industry.

“For the most part, all enterprises have already been doing this,” he said.

Vernick added that the bill is an attempt to address the current breach situation, where cyber criminals are looking for passwords and not just bank account information, “because people have a tendency to use the same password for a number of accounts.”

While the legislation may be a good thing for residents of New Jersey, Vernick noted that for businesses “it may not be as welcomed…because this obviously extends the scope of what they need to do.”

“It just increases the cost of doing business,” Vernick added.

Either way, businesses and consumers should get used to it, according to Vernick.

“I think for the foreseeable future…the regulatory environment will be particularly intense,” he said.