Described as one of the nation's toughest laws, the New Jersey Identity Theft Protection Act came into effect on Jan. 1, 2006 in the state of New Jersey. Commercial enterprises are now calculating the costs of bringing their businesses into line with the new law.
The New Jersey law obliges commercial enterprises to safeguard customer information and to destroy it if it's no longer needed. As the name suggests, the New Jersey Identity Theft Protection Act is designed to make it a lot harder for criminals to hijack someone's identity.
Both business and society generally welcome the changes as a necessary crime-fighting tool, and agree it will make identity theft much harder. But companies fear compliance may prove too costly, especially for smaller businesses.
Experts point out that larger companies already have mechanisms in place to comply with the new law, or they can afford to introduce them. Small firms, however, could be in for a shock.
The new act will sweep away long-established work practices such as using Social Security numbers as client identifiers, and if sensitive customer information is compromised, then companies must notify the affected individuals.
The act also forces companies to destroy all kinds of personal customer information they may have on file – including names and addresses, driver's license numbers and other identifying data – after it's no longer needed. But that doesn't mean an employee can just rip up documents or press the “delete" key on a computer. The new law stipulates the use of shredders, and electronic data have to be effectively wiped clean to minimize the chances of the information being retrieved.
Just tracking down and sifting through all the data from among years of paper or computer records could turn out to be a full-time job. Businesses will need to hire qualified specialists who will probably command a salary approaching a six-figure sum per year, something smaller firms without such people already in place are likely to baulk at.
But the risks of not adhering to the New Jersey Identity Theft Protection Act could prove to be even more costly. A company that violates the law's security-breach provisions may be liable under the New Jersey Consumer Fraud Act. That means the state, as well as individuals, may file a lawsuit seeking damages.
The fact that many small companies still don't know about the strict new law could create even more problems, according to some experts. These companies may be caught out by the New Jersey Identity Theft Protection Act in the very near future, and suffer the consequences.
“With the help of legislative changes, the New Jersey state authorities have, to all intents and purposes, forced businesses to protect private data. Hundreds of the large-scale leaks that were registered in 2005 were the direct result of the uncontrolled turnover of personal information. Companies stored and amassed hundreds of thousands and even millions of records despite the fact they were no longer needed. That's where the new law should bring some order, at least in one state, albeit at a price for commercial enterprises," maintains Denis Zenkin, marketing director at InfoWatch.
Source: NJBIZ