Let's Connect
  • Sales Chat
  • Remote Session
  • 877-394-4368 877-394-4368
  • Login
  • IT Consulting
  • Software Development
  • Cloud
  • About
  • Contact
  • Support
Menu
  • IT Consulting
  • Software Development
  • Cloud
  • About
  • Contact
  • Support
Search
Login
  • All Posts

Archives

View Archives
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016

Categories

Categories
  • Announcements
  • Apple
  • Applications
  • Arctic Wolf Networks
  • Azure
  • Backup and Disaster Recovery
  • Business Continuity
  • BYOD
  • Cloud Computing
  • Compliance
  • Coronavirus
  • COVID-19
  • Cryptocurrency
  • Customer Service
  • Cybersecurity
  • DFARS
  • Dynamics NAV Hosting
  • Firewall-as-a-Service
  • HIPAA
  • iOS
  • IT Best Practices
  • IT Expenses
  • IT Outsourcing
  • IT Security
  • Legal Vertical
  • Linux
  • Managed IT Services
  • Medical, EMR, EHR
  • Microsoft Azure
    • Powershell
  • Microsoft Power Platform
  • Mobile
  • Mobile Computing
  • New Jersey
  • New York City (NYC)
  • Office 365
  • PCI
  • Rancho Cucamonga Location
  • Rant
  • Regulatory Compliance
  • SharePoint
  • SiteLink
  • Small Business
  • SOCaaS
  • Software Development
  • Sort of Technical
  • Tools/Utilities
  • Troubleshooting
  • Ubuntu
  • Uncategorized
  • Very Technical
  • Virtualization
  • Windows Surface
  • Windows Virtual Desktop (WVD)
  • Announcements
  • Apple
  • Applications
  • Arctic Wolf Networks
  • Azure
  • Backup and Disaster Recovery
  • Business Continuity
  • BYOD
  • Cloud Computing
  • Compliance
  • Coronavirus
  • COVID-19
  • Cryptocurrency
  • Customer Service
  • Cybersecurity
  • DFARS
  • Dynamics NAV Hosting
  • Firewall-as-a-Service
  • HIPAA
  • iOS
  • IT Best Practices
  • IT Expenses
  • IT Outsourcing
  • IT Security
  • Legal Vertical
  • Linux
  • Managed IT Services
  • Medical, EMR, EHR
  • Microsoft Azure
    • Powershell
  • Microsoft Power Platform
  • Mobile
  • Mobile Computing
  • New Jersey
  • New York City (NYC)
  • Office 365
  • PCI
  • Rancho Cucamonga Location
  • Rant
  • Regulatory Compliance
  • SharePoint
  • SiteLink
  • Small Business
  • SOCaaS
  • Software Development
  • Sort of Technical
  • Tools/Utilities
  • Troubleshooting
  • Ubuntu
  • Uncategorized
  • Very Technical
  • Virtualization
  • Windows Surface
  • Windows Virtual Desktop (WVD)

Microsoft
Cisco
HP
Lenovo
StorageCraft
VMware
Extreme Networks
Dell PartnerDirect
SonicWall
Home "On IT" Blog September 7th, 2018

Obligations Under New Jersey Breach Data Notification Laws

New Jersey Rev Statute Sec. 56:8-163

Posted on September 7th, 2018 in Compliance, Cybersecurity



Years ago you would only read about a data breach once in a blue moon – it was the rare exception. Fortunately, it continues to be the rare exception, but as the world has moved to become fully digital, the frequency of significant data breaches is no longer like finding a four-leaf clover. Every business must anticipate the possibility of a data breach, more a function of the magnitude of the “when” vs. the “if”.

All companies which collect personally identifiable information of consumers (financial information is considered personal information) are subject to the data breach notification rules of each state in which the persons whose data was collected reside.  Under New Jersey Rev Statute Sec. 56:8-163, if you sell products or services to a person located in New Jersey and your systems (whether maintained by you or on your behalf by a third party) are compromised, then you are required to provide various notices to the affected individuals and to certain state agencies.   A brief summary follows.

What constitutes Personal Information?  Personal information (“PI”) means an individual’s first name or first initial and last name linked with any one or more of the following data elements: (1) Social Security number; (2) driver’s license number or State identification card number; or (3) account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account. Dissociated data that, if linked, would constitute personal information is personal information if the means to link the dissociated data were accessed in connection with access to the dissociated data. It is important to note that the definition of personal information is broadly construed – the goal of the statute is to protect affected individuals and thus, if certain information is disclosed but other information listed in the definition of Personal Information is not, the state will very likely take the position that breach notification is nonetheless required.

What constitutes a Breach of Security? A breach of security (“Breach”) occurs when any unauthorized access to electronic files, media or data containing PI that compromises the security, confidentiality or integrity of PI when access to the PI has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable.

What are your obligations?

Investigation and Notice to the Authorities:  In the event of a Breach, an investigation is required.  The entity must notify the Division of State Police in the Department of law and Public Safety. They will conduct an investigation and, if it is determined necessary, refer the matter to other law enforcement authorities.

Notice to your Customers:  If the investigation concludes that PI was, or is reasonably believed to have been, accessed by an unauthorized party, notice must be given to its customers “in the most expedient time possible and without unreasonable delay consistent with the legitimate needs of law enforcement… and restoring reasonable integrity of the data system”.

Notice: Notice may be given by 1) written notice, 2) electronic notice as long as certain guidelines are followed, or, 3) “substitute” notice (conspicuous posting on the Internet or via a major Statewide media) in the event that it is determined the cost of notice to individual consumers would be in excess of $250,000, or the number of individuals to be noticed exceeds 500,000.

What should the notice state?  While there are no specific requirements in New Jersey, the Notice should provide a description of the circumstances of the Breach, what has been done to resolve the Breach, and what a consumer can reasonably do to protect themselves.

For more information, go to:  https://www.cyber.nj.gov/data-breach-notifications/

Kurt D. Olender is the founding and managing partner of the firm, OlenderFeldman LLP where he specializes in corporate law and related commercial areas of practice.

Headshot photo of Kurt D. Olender, Esq.

Kurt Olender Esq.

Our Core Values:
  • We are always 100% committed to our customers' needs.
  • We value charity and goodwill.
  • We realize there are no shortcuts to true excellence.
  • We believe in the power of teamwork and collaboration.
  • We honor the golden rule.
  • We are humble.
  • We value transparency.
  • We are honest and value integrity.
  • We lead by example.
  • We value continuous education.
  • We value innovation and forward-thinking.
  • We foster a passion for life, work and everything in between.
  • We discourage negativity.

More About Us

Exigent Technologies LLC is a full-service information technology consulting firm that implements and maintains high-performance IT systems for small and medium-sized organizations in a wide range of industries. Regardless of their size, today’s companies rely on anytime, anywhere access to information—and Exigent delivers.
read more

Want To Find Out More?









    • IT Support & Consulting Services
    • Software Development
    • Cloud
    • About
    • Contact
    • Client Support
    • Areas Served
    • Make a Payment

    Sign Up For Updates

    IT Services, IT Consultants and Cloud Computing | New Jersey | New York City
    55 Madison Avenue, STE 400, Morristown, NJ 07960 | 845 3rd Ave FL 6, New York, NY 10022

    Copyright 2021. Exigent. All rights reserved. Sitemap Privacy Policy|WordPress Website Produced by: Inverse Paradox

    Facebook Twitter LinkedIn YouTube Glassdoor Instagram