Current through Register Vol. 56, No. 23, December 2, 2024
Section 10A:22-1.5 - Identity theft prevention and reporting(a) Pursuant to the Identity Theft Prevention Act at 56:11-44 et seq. and definitions relative to the security of personal information at 56:8-161, in order to prevent identity theft, Departmental staff shall be responsible for safeguarding "personal information" as this term is defined in 10A:1-2.2. Additionally, Departmental staff shall be responsible for taking reasonable steps to ensure that all records containing personal information are not lost, stolen, inappropriately accessed or released, and for complying with any related internal management procedures.(b) In the event that an incident that may constitute a breach of security is suspected or discovered, the staff member discovering the suspected breach of security shall report same to their immediate supervisor. Supervisory/administrative staff shall ensure that any such incident is reported through the administrative chain of command to the Commissioner. For purposes of rules regarding identity theft, "breach of security" means unauthorized access to electronic files, media or data containing personal information that compromises the security, confidentiality or integrity of personal information when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable. Good faith acquisition of personal information by an employee for a legitimate business purpose is not a breach of security, provided that the personal information is not used for a purpose unrelated to Departmental business or subject to further unauthorized disclosure.(c) All reports related to identity theft shall be provided to the Commissioner or designee in accordance with internal management procedures. The Commissioner or designee shall report the incident of identity theft to the Department of Law and Public Safety, Division of State Police for investigation and handling as appropriate.N.J. Admin. Code § 10A:22-1.5
New Rule, R.2007 d.64, effective 2/20/2007.
See: 38 N.J.R. 4622(b), 39 N.J.R. 652(b).