New Jersey Passes Data Encryption Law
New Jersey recently joined a growing list of states that have expanded the reach of their data breach laws.
In January, New Jersey’s Governor Christie signed a law requiring health insurance carriers to protect certain information – either by encryption or “by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable by an unauthorized person”. That information being: “Personal information” – further defined as an individual’s first name or first initial and last name linked with any one or more of the following data elements:
- Social Security number;
- Driver’s license number, or state identification card number;
- address; or
- Identifiable health information.
This is also known as PHI (protected health information) or PII (personally identifiable information), both valuable commodities on the black market. Effective August 1, 2015, the legislation can be viewed in all its glory here: http://www.njleg.state.nj.us/2014/Bills/S1000/562_R1.PDF.
So what prompted this change in legislation? The rising number of data breaches in the state of New Jersey, including the 2013 Horizon Blue Cross Blue Shield of New Jersey data breach that affected 840,000 individuals.
While DataMotion is focused on securely delivering sensitive data (aka – data in motion), we are connected with some outstanding organizations that provide the complementary security and encryption of data at rest – and we look forward to helping all organizations in the healthcare industry increase their protection against the rising threat of data breach, non-compliance fines and their good reputations.