ASSEMBLY, No. 1080
STATE OF NEW JERSEY
PRE-FILED FOR INTRODUCTION IN THE 2004 SESSION
Assemblyman JOSEPH CRYAN
District 20 (Union)
Assemblyman PETER J. BARNES, JR.
District 18 (Middlesex)
Assemblyman ANTHONY CHIAPPONE
District 31 (Hudson)
Assemblymen Eagler and Gordon
"New Jersey Identity Theft Prevention Act."
CURRENT VERSION OF TEXT
(Sponsorship Updated As Of: 10/8/2004)
An Act protecting consumers from identity theft and supplementing P.L.1997, c.172 (C.56:11-28 et seq.).
Be It Enacted by the Senate and General Assembly of the State of New Jersey:
1. This act shall be known and may be cited as the "New Jersey Identity Theft Prevention Act."
2. The Legislature finds and declares that:
a. the crime of identity theft has become one of the major law enforcement challenges of the new economy, as vast quantities of sensitive, personal information are now vulnerable to criminal interception and misuse;
b. a number of indicators reveal that, despite increased public awareness of the crime, the incidents of identity theft continue to rise;
c. 1,000,000 consumers annually call the Fraud Victim Assistance Department of one national consumer reporting agency, a number that almost doubled from 1997 to 2001;
d. between January and December of 2002, the complaint database operated by the Federal Trade Commission received 380,103 consumer fraud and identity theft complaints, with reported losses from fraud of more than $343,000,000;
e. allegations of identity theft reported to the fraud hotline of the Social Security Administration increased from 11,058 in fiscal year 1998 to 46,480 in fiscal year 2000;
f. in its fiscal year 2000 annual report, the Postal Inspection Service noted that identity theft is a growing trend and the agency's investigations of such crimes has increased by 67 percent since last year;
g. an integral part of many identity crimes involves the interception of personal financial data or the fraudulent acquisition of credit cards or other financial products in another person's name;
h. identity theft is an act that violates the privacy of our citizens and ruins their good names; victims can suffer restricted access to credit and diminished employment opportunities, and may spend years repairing damage to credit histories;
i. credit reporting agencies and issuers of credit should have uniform reporting requirements and effective fraud alerts to assist identity theft victims in repairing and protecting their credit.
3. As used in this act:
"Consumer" means an individual who applies to a financial institution for a product or service.
"Financial institution" means a financial institution as defined in section 527 (4) of the Gramm-Leach-Bliley Act, Pub.L.106-102 (15 U.S.C. § 6827(4)) and its implementing regulations and any State or federally chartered bank, savings bank, savings and loan association, credit union, trust company, mortgage banker, licensed lender or foreign banking corporation that transacts business with consumers in New Jersey.
"Nonpublic personal information" means nonpublic personal information as defined in section 509 (4) of the Gramm-Leach Bliley Act, Pub.L.106-102 (15 U.S.C. § 6809(4)) and its implementing regulations.
4. A financial institution, upon discovering that the confidentiality or security of any nonpublic personal information maintained by the financial institution with respect to a consumer has been compromised in any way by an employee of the financial institution, or through any unauthorized entry into the records of the financial institution shall:
a. promptly notify the consumer of the compromise of the security or confidentiality of such information, and any misuse of such information, that the financial institution discovers or reasonably should discover;
b. provide assistance to the consumer to remedy any such compromise, including correcting and updating information contained in a consumer report relating to such consumer as required pursuant to section 9 of P.L.1997, c.172 (C.56:11-36);
c. reimburse the consumer for any losses the consumer incurred as a result of the compromise of the security or confidentiality of such information, and any misuse of such information, including any fees for obtaining, investigating, and correcting a consumer report of such consumer at any consumer reporting agency; and
d. to provide information concerning the manner in which the consumer can obtain assistance.
5. A financial institution may delay notifying a consumer that the confidentiality or security of any nonpublic personal information of the consumer maintained by the financial institution has been compromised at the request of a law enforcement agency investigating the violation for a limited period of time as the law enforcement agency determines is essential for carrying out the investigation.
6. If any issuer of credit receives a request for an additional credit card with respect to an existing credit account no later than 30 days after receiving notification of a change of address for that account, the card issuer shall:
a. not later than five days after sending the additional card to the new address, notify the cardholder of the request at both the new address and the former address; and
b. provide to the cardholder a means of promptly reporting incorrect changes.
7. Any person who violates the provisions of this act shall be subject to the penalty provisions of either section 11 or 12, or both, of P.L.1997, c.172 (C.56:11-38 and 56:11-39).
8. This act shall take effect immediately.
This bill requires that a financial institution that discovers or reasonably should discover that a consumer's nonpublic personal information maintained by the financial institution was compromised in any way shall promptly notify the consumer of the breach of the security or confidentiality of the information. In addition to promptly notifying a consumer of the security compromise, a financial institution is required to provide assistance to the consumer to remedy any such compromise; to reimburse the consumer for any losses the consumer incurred as a result of the compromise of the security or confidentiality of such information; and to provide information concerning the manner in which the consumer can obtain assistance.
However, a financial institution may delay notifying a consumer of the compromise of the security or confidentiality of the information at the request of a law enforcement agency investigating such violation for a period determined by the law enforcement agency performing the investigation.
Additionally, if an issuer of credit receives a request for an additional credit card for an existing cardholder no later than 30 days after receiving a change of address for the cardholder, the issuer of credit is required to notify the cardholder of the request at the new address and former address no later than five days after sending the additional card to the new address. The issuer of credit shall also provide the cardholder with a means of promptly reporting incorrect changes.
Finally, any violation of this bill shall be punished under either N.J.S.A.56:11-38 or N.J.S.A.56:11-39, or both.