On Monday, December 4, 2017, the Assembly Homeland Security and State Preparedness Committee will consider A-5206 (Quijano), which requires individuals and business entities, such as corporations, associations, and partnerships, that own or license personal information about New Jersey residents to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are necessary to protect the personal information. The bill would also apply to third-party service providers that contract with the business owners of the personal information. The bill requires the security program to establish and maintain a security system covering computers and any wireless system. The program would need the following minimum elements:
- Secure user authentication protocols
- Secure access control measures
- Encryption of all transmitted records and files containing personal information that will travel across public networks and encryption of all data containing personal information to be transmitted wirelessly
- Reasonable monitoring of systems for unauthorized use of or access to personal information
- Encryption of all personal information stored on laptops or other portable devices; for files connected to the Internet, reasonably up-to-date firewall protection and operating system security patches that can maintain their integrity
- Reasonably up-to-date versions of system security agent software including malware protection and reasonably up-to-date patches and virus definitions, or a version that is set to receive the most current security updates on a regular basis
- Education and training of employees on the proper use of the computer security system and the importance of personal information security
The bill imposes penalties under the New Jersey consumer fraud law (treble damages and attorney's fees) for violations.
Please feel free to reach out to me if you have any comments or questions.