The great balancing act
Is it in the best interest of the customers of the business owners of New Jersey to have the company that was hacked to decide which parts of my information are sensitive. I would expect most consumers would assume that if some of their data was accessed, all of it was.One measure introduced last month in New Jersey, for instance, would require that customers be alerted if any personal information--even an e-mail addresses or home page address--is acquired by an "unauthorized person." Companies that fail to disclose this can be fined $10,000 for the first offense and $20,000 for the second.
Perhaps an e-mail address or home page address could be as sensitive as a bank account number and PIN, but for most people that seems unlikely. Is such a sweeping definition of "personal" information really in the best interests of business owners in New Jersey?