Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Newark, N.J.-Businesses are scrutinizing their record-keeping procedures now that a New Jersey law, effective on Jan. 1, creates a risk of civil liability for failure to safeguard consumers’ personal data. And lawyers on both sides of the aisle are lining up for new business. The Identity Theft Protection Act sets tough rules for handling records that contain individuals’ names along with Social Security numbers, drivers’ license numbers, state ID card numbers, credit or debit card numbers or any other account number permitting access to individuals’ finances. Most notably, it creates an individual cause of action against violators-with potential awards of treble damages and attorney fees if companies willfully or negligently fail to comply with its requirements. That provision has lawyers predicting a new wave of suits against corporations for breaches of data security. Among its salient provisions: Businesses and public entities that compile Social Security numbers must promptly disclose, in writing, any breach of security to any person whose personal data are or may have been accessed by an unauthorized person. Businesses must take reasonable measures to dispose of records in a way that would prevent their interception, such as shredding paper records or erasing or destroying electronic media so the records cannot be read or reconstructed. “I think it has some very wide-ranging implications,” said Wendy Lario, an employment lawyer whose firm, Pitney Hardin in Florham Park, N.J., is sending out client advisories about the Identity Theft Protection Act and has put together an information security audit program to help clients comply. “For smaller or midsized companies, it may be burdensome to meet these requirements.” Thomas Muccifori, a commercial litigator, said business clients have been nervously calling his firm, Archer & Greiner in Haddonfield, N.J., concerned principally about the individual cause of action. The act is broadly worded and leaves unanswered such questions as whether a New Jersey consumer has a claim when a security breach occurs in another state, Muccifori said. Federal legislation may soon supersede New Jersey’s law. Congress is expected to enact its own identity theft protection law in the next term. The bill, S. 1408, contains many of the same protections as New Jersey’s law but does not confer a private right of action. Industry lobbyists pushed Congress to enact a law because national corporations dislike having to comply with a patchwork of varying state laws, said Scott Christie, an information technology litigator at McCarter & English in Newark.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.