(Bloomberg) -- New York Attorney General Eric Schneiderman proposed what he called “the strongest” data security law in the nation to combat an increase in the theft of personal information online, including a breach at JPMorgan Chase & Co.
Schneiderman plans to propose a bill expanding the definition of private information to include e-mail addresses in combination with passwords or other data that would permit access to online accounts. It would also require companies that store information to have security measures in place will be proposed to legislators in Albany, the attorney general said in a statement yesterday.
“It’s long past time we updated our security laws and expanded protections for consumers,” Schneiderman said. “Our new law will be the strongest, most comprehensive in the nation.”
Almost all states, including New York, have laws in place requiring companies to notify consumers when sensitive data is breached, according to the National Conference of State Legislatures. Most of those laws are designed to protect only certain kinds of personal data such as Social Security numbers and driver’s license or state identification numbers, according to the organization.
Schneiderman’s bill proposal followed President Barack Obama on Jan. 13 calling for new laws requiring companies to disclose instances when they’ve been hacked and preventing companies from profiting from student data. Obama’s proposal came after breaches at Sony Corp.’s entertainment unit and Target Corp.
Federal Mandate
While there are some industry-specific regulations, there is currently no general federal mandate requiring notification when consumers’ data is breached.
A group of 19 attorneys general including Schneiderman are seeking more information by Jan. 23 from JPMorgan about its breach, including whether any of the compromised information has been connected with fraud, according to a letter dated Jan. 8, which was obtained by Bloomberg News.
The group pressed for “any vulnerability exploited in connection” and the company’s efforts to probe and mitigate the damages, according to the letter.
“This incident raises concerns about the security of our states’ residents’ private information in the hands of JPMC,” the group said in the letter. “Further, critical facts about the intrusion remain unclear, including details concerning the cause of the breach and the nature of any procedures adopted or contemplated to prevent further breaches.”
JPMorgan, the biggest U.S. bank, said in October that a data breach by hackers affected 76 million households and 7 million small businesses, with customer names, addresses, phone numbers and e-mail details taken.
Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
