Assemblyman HERB CONAWAY, JR.
District 7 (Burlington and Camden)
Assemblyman PAUL D. MORIARTY
District 4 (Camden and Gloucester)
Assemblyman JON M. BRAMNICK
District 21 (Essex, Morris, Somerset and Union)
Establishes the “Anti-Phishing Act.”
CURRENT VERSION OF TEXT
An Act concerning the solicitation of certain information on the Internet and supplementing P.L.1960, c.39 (C.56:8-1 et seq.).
Be It Enacted by the Senate and General Assembly of the State of New Jersey:
1. This act shall be known and may be cited as the “Anti-Phishing Act.”
2. As used in this act:
“Electronic mail message” means a message sent to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which an electronic mail message can be sent or delivered.
“Internet” means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprises the inter-connected word-wide network of networks that employ the Transmission Control Protocol/Internet Protocol, or any predecessor or successor protocols to that protocol, to transmit information.
“Personal information” means an individual's first name or first initial and last name linked with any one or more of the following data elements: (1) Social Security number; (2) driver's license number or State identification card number; or (3) account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. Dissociated data that, if linked, would constitute personal information, is personal information if the means to link the dissociated data were accessed in connection with access to the dissociated data.
“Web page” means a location, with respect to the world wide web, that has a single uniform resource locator or other single location with respect to the Internet.
3. No person shall, by means of a web page, electronic mail message, or otherwise through the use of the Internet, solicit, request, or take any action to induce another person to provide personal information by representing oneself, either directly or by implication, to be a business without the authority or approval of that business.
4. It shall be an unlawful practice and a violation of P.L.1960, c.39 (C.56:8‑1 et seq.) to violate the provisions of this act.
5. The Director of the Division of Consumer Affairs in the Department of Law and Public Safety shall promulgate regulations pursuant to the "Administrative Procedure Act," P.L.1968, c.410 (C.52:14B‑1 et seq.), to effectuate the provisions of this act.
6. This act shall take effect on the 180th day following enactment.
The term “phishing” refers to an activity characterized by attempts to fraudulently acquire an individual’s personal information by masquerading as a trustworthy business. This bill establishes the “Anti-Phishing Act” to prohibit that activity and is modeled after similar legislation introduced in New York and California, among other states.
The bill makes it an unlawful practice for any person, by means of a web page, electronic mail message, or otherwise through the use of the Internet, to solicit, request, or take any action to induce another person to provide personal information by representing oneself, either directly or by implication, to be a business without the authority or approval of that business.
A violation of this bill's provisions is an unlawful practice and a violation of the consumer fraud act, P.L.1960, c.39 (C.56:8-1 et seq.). Thus, any person who violates any of the provisions of the bill is liable to a penalty of not more than $10,000 for the first offense and not more than $20,000 for the second and each subsequent offense.