TRENTON – Legislation sponsored by Senator Shirley K. Turner (D-Mercer, Hunterdon) and Senator Nia H. Gill (D-Essex, Passaic) that would require all health care insurance companies to protect consumer information cleared the Senate Commerce Committee today.
“People should not be afraid to provide their personal information – information that is often required – to their insurance company,” said Turner. “These kinds of protections should have been put in place by companies long ago. Protecting the privacy and well being of your consumers should be a top priority.”
The bill, S562, would require all insurance companies, when compiling or maintaining computer records that include personal information, to secure the information by encryption or by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable by an unauthorized person.
A violation of the law would be considered an unlawful practice and a violation of the consumer fraud law, punishable by a maximum fine of $10,000 for a first offense and $20,000 for a second or any subsequent offense.
Senator Turner sponsored similar legislation in 2008 after learning of the theft of an unencrypted laptop computer that contained the names, social security numbers and other personal information of more than 300,000 of Horizon members. At the time, Horizon claimed the laptop was password protected and had other security features, but that the data was not encrypted.
In December 2013, two unencrypted laptop computers were stolen from Horizon’s headquarters. The data included names, demographics (address member ID number, date of birth), limited clinical information and in some instances social security numbers. Approximately 839,711 members were affected.
Senator Gill, Chairwoman of the Senate Commerce Committee, said that the bill provides consumers with expanded protections.
“Insurance companies are trusted with sensitive personal details, and customers should not have to worry about the security of their personal information,” said Gill. “By requiring companies to secure this data through encryption, consumers will be assured that their information is protected.”
The bill passed by a vote of 5-0, with one abstention.