(Bloomberg) -- New York Attorney General Eric Schneidermanproposed what he called “the strongest” data security law inthe nation to combat an increase in the theft of personalinformation online, including a breach at JPMorgan Chase& Co.

|

Schneiderman plans to propose a bill expanding the definition ofprivate information to include e-mail addresses in combination withpasswords or other data that would permit access toonline accounts. It would also require companies that storeinformation to have security measures in place will be proposed tolegislators in Albany, the attorney general said in a statementyesterday.

|

“It’s long past time we updated our security laws and expandedprotections for consumers,” Schneiderman said. “Our new law will bethe strongest, most comprehensive in the nation.”

|

Almost all states, including New York, have laws in placerequiring companies to notify consumers whensensitive data is breached, according to the NationalConference of State Legislatures. Most of those laws are designedto protect only certain kinds of personal data such asSocial Security numbers and driver’s license or stateidentification numbers, according to the organization.

|

Schneiderman’s bill proposal followed President Barack Obama onJan. 13 calling for new laws requiring companies to discloseinstances when they’ve been hacked and preventing companies fromprofiting from student data. Obama’s proposal came afterbreaches at Sony Corp.’s entertainment unit and Target Corp.

|

Federal Mandate

|

While there are some industry-specific regulations, there iscurrently no general federal mandate requiring notification whenconsumers’ data is breached.

|

A group of 19 attorneys general including Schneiderman areseeking more information by Jan. 23 from JPMorgan aboutits breach, including whether any of the compromisedinformation has been connected with fraud, according to a letterdated Jan. 8, which was obtained by Bloomberg News.

|

The group pressed for “any vulnerability exploited inconnection” and the company’s efforts to probe and mitigate thedamages, according to the letter.

|

“This incident raises concerns about the security of our states’residents’ private information in the hands of JPMC,” the groupsaid in the letter. “Further, critical facts about the intrusionremain unclear, including details concerning the cause ofthe breach and the nature of any procedures adopted orcontemplated to prevent further breaches.”

|

JPMorgan, the biggest U.S. bank, said in October thata data breach by hackers affected 76 million householdsand 7 million small businesses, with customer names, addresses,phone numbers and e-mail details taken.

|

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

  • All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
  • Educational webcasts, resources from industry leaders, and informative newsletters.
  • Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.