TRENTON – A new law that was signed on Friday will require all health care insurance companies in New Jersey to protect consumer information. Senator Shirley K. Turner (D-Mercer, Hunterdon) and Senator Nia H. Gill (D-Essex, Passaic) sponsored this legislation to protect New Jerseyan’s personal information.
“Customers’ personal information is sacred, and if a company is requiring them to provide sensitive information, then they should make sure it is protected,” said Turner. “These safeguards are long overdue. All insurance companies should make protecting the privacy of its customers, who are required to submit highly personal data, a top priority. "
The law, S562, requires all insurance companies, when compiling or maintaining computer records that include personal information, to secure the information by encryption or by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable by an unauthorized person.
A violation of the law would be considered an unlawful practice and a violation of the consumer fraud law, punishable by a maximum fine of $10,000 for a first offense and $20,000 for a second or any subsequent offense.
Senator Gill, Chairwoman of the Senate Commerce Committee, said that the law provides consumers with expanded protections and greater confidence when disclosing required personal information to insurers.
“With this law, customers will no longer have to take a leap of faith that their personal information will be protected when they turn it over to insurance companies,” said Gill. "By requiring that data is encrypted, consumers should have confidence that their social security numbers and other personal details are more secure."
Senator Turner sponsored similar legislation in 2008 after learning of the theft of an unencrypted laptop computer that contained the names, social security numbers and other personal information of more than 300,000 of Horizon members. At the time, Horizon claimed the laptop was password protected and had other security features, but that the data was not encrypted.
In December 2013, two unencrypted laptop computers were stolen from Horizon’s headquarters. The data included names, demographics (address member ID number, date of birth), limited clinical information and in some instances social security numbers. Approximately 839,711 members were affected.