On May 10, 2019, New Jersey enacted Senate Bill 52 (SB 52). This bill, which will take effect on September 1, 2019, will require disclosure of data breaches that impact usernames, email addresses, and/or other account holder identifying information belonging to residents of the Garden State when combined with any password or security questions and answers.
Previously, businesses and public entities that compiled data belonging to New Jersey residents were required to notify consumers of breaches involving “personal information,” defined to include only Social Security numbers, driver’s license numbers, and/or account, credit card, or debit card numbers in combination with a security code or password necessary for access.
via Data Privacy & Cybersecurity – Lewis Brisbois Bisgaard & Smith LLP.