Amend the New Jersey Data Breach Notification Law
Without a national data breach notification law, many states have passed legislation that mandates that businesses notify consumers when there has been a breach of their personally identifying information. New Jersey’s law should be reformed to provide additional clarity to consumers. Most notably, notification should be tailored to the type of breach that occurred by providing step-by-step directions for what can done to mitigate the risk of identity theft. It would also be beneficial to color-code the notification based upon the type of breach. Consumers are increasingly inundated with breach notifications and it is easy to dismiss the consequences of a breach if the severity of the breach is not easily ascertainable.
Support the Data Broker Accountability and Transparency Act
In 2015, Senator Edward J. Markey (D-MA) introduced the Data Broker Accountability and Transparency Act, a bill that had originally been proposed by Senator John D. Rockefeller, IV (D-WV). The proposed legislation regulates data brokers, defined as “a commercial entity that collects, assembles, or maintains personal information concerning an individual who is not a customer or an employee of that entity in order to sell the information or provide third party access to the information.” Specifically, the bill requires that data brokers establish procedures to ensure the accuracy of the information it collects and ensures that consumers are able to review the information collected about them. In addition, the bill allows consumers to opt-out of having their information used for marketing purposes and calls for the establishment of a central website that would list data brokers subject to the law. This bill would represent a giant leap forward for consumers and the Initiative hopes that the legislation will be introduced into the 115th Congress.
That being said, the legislation would be improved by providing for a website that would allow individuals to centrally opt-out of all collection and dissemination of their personal information. Patterned on the National Do-No Call Registry, a central opt-out mechanism would ensure that an individual would not have to manually opt-out of hundreds of data broker websites or services.
Advocate to limit Social Security Number use
Social security numbers have become the de facto national identification system. Individuals are asked to disclose their social security number seemingly on a daily basis to banks, doctors’ offices, insurance and credit card companies and to government agencies, among others. All it takes is one breach and a person’s social security number could become compromised. A stolen social security number has serious consequences and can, for example, lead to credit problems and delays in obtaining tax refunds. The social security number was never intended to be utilized so broadly. In order to protect against the increasing problem of identity theft, the government should place limits on when, where and how social security numbers can be used and requested.