Years ago you would only read about a data breach once in a blue moon – it was the rare exception. Fortunately, it continues to be the rare exception, but as the world has moved to become fully digital, the frequency of significant data breaches is no longer like finding a four-leaf clover. Every business must anticipate the possibility of a data breach, more a function of the magnitude of the “when” vs. the “if”.
All companies which collect personally identifiable information of consumers (financial information is considered personal information) are subject to the data breach notification rules of each state in which the persons whose data was collected reside. Under New Jersey Rev Statute Sec. 56:8-163, if you sell products or services to a person located in New Jersey and your systems (whether maintained by you or on your behalf by a third party) are compromised, then you are required to provide various notices to the affected individuals and to certain state agencies. Click here for a brief summary.