New Jersey’s Identity Theft Protection Act went into effect on January 1 of this year. The Act was passed in response to the growing concerns of New Jersey residents that personal information has been, and will continue to be, vulnerable to security breaches by unscrupulous parties.
New Jersey’s Identify Theft Protection Act is one of the strongest in the nation. It requires companies operating out of, or conducting business within the state, to (1) immediately contact the State Police; and (2) disclose the breach to its New Jersey customers whenever any suspicious or actual breach of a New Jersey resident’s personal information has occurred. The Act allows residents to contact local authorities whenever there is suspicion that personal information has been breached. The Act requires companies which store personal information to destroy the records containing that information when it is no longer needed. It also mandates that Social Security numbers (which have been identified as being most vulnerable to identity theft) be kept separate from all other personal information.
New Jersey also enables its residents to place a security freeze on their consumer credit reports. No other state, to date, has a provision for security freeze available to their residents. At the time a resident requests a security freeze, the credit reporting agency must assign a unique PIN to that resident’s record. Only the resident can request a temporary (or permanent) lift of the freeze and only after providing the credit reporting agency with the unique PIN and other identifying information. After the freeze is in place, a resident can request a temporary lift for a short period of time or for a specific credit check whenever the resident wants to allow access to credit information.
Although New Jersey residents now have added protections as a result of the Act, the U.S. Congress has a bill pending which may eliminate these protections. HR3997 would diminish the security freeze provision making it applicable to identity theft victims only. It would also make it much less likely that New Jersey residents will be notified when a potential breach occurs, since it gives companies the discretion of whether or not to notify residents. Finally, the Act prohibits any state attorney generals or legislatures from enforcing or enacting identity theft rules and regulations, leaving that responsibility solely in the hands of federal agencies. The majority of the various consumer protection agencies have contacted Congress as well as testified before Congress, requesting major revisions to HR3997 in an effort to eliminate its serious shortfalls.