ICI Strongly Opposes New Jersey Data Security Proposal

Washington, DC, June 20, 2007 - The Institute strongly opposes a state of New Jersey proposal that seeks to implement the provisions of the Identity Theft Prevention Act, finding the regulations within the proposal inconsistent with the Division's authority and misguidedly imposing a "one-size-fits-all" approach to data security.

Background
ICI members have long taken seriously their obligation to protect the confidentiality and integrity of non-public consumer information. Indeed, the report recently issued by the President's Identity Theft Task Force, Combating Identity Theft, noted that the SEC "has actively examined securities firms to determine whether they have policies and procedures reasonably designed to protect their customers from identity theft [and] has not yet found any deficiencies during its examinations that warranted formal enforcement actions."

ICI Position
ICI filed a June 14 comment letter expressing serious concerns with the New Jersey Division of Consumer Affairs proposal and the impact it will have on ICI members and other entities transacting business in New Jersey. Of primary concern, ICI believes the state`s proposal attempts to wholly rewrite provisions of the Identity Theft Prevention Act, noting numerous instances where the implementing regulations bear no rational relationship to the Act.

ICI also expressed substantive concerns with other aspects of the proposal, such as provisions relating to disclosure of a breach in security. For example, one provision would unrealistically require the Division of State Police to be notified of a breach within six hours "following discovery or notification of the breach," and customers to be notified no more than 24 hours after notification to the Division of State Police.

Related Links
This site includes sections focusing on state laws and regulations as well as privacy issues affecting funds and their shareholders.