| Summary: |
Implementation of a proper cyber risk management policy (“CRM Policy”) is critical to the practical and legal viability of New Jersey businesses. Currently, New Jersey law provides that businesses that experience a data breach are required to notify all impacted parties, including consumers, vendors, and law enforcement. At first glance, this mandatory disclosure rule appears to be a reasonable response to cybercrime. Unfortunately, in practice, this rule has created numerous unintended consequences, leading to precarious commercial and legal situations for New Jersey businesses. |
