The implementation of P.L.2023, c.266 makes New Jersey the thirteenth state to recognize and act upon the need for greater transparency and accountability with regard to the handling of personal information.
The new data privacy law strengthens consumer rights by requiring businesses to adopt data protection measures and notice requirements to ensure the privacy of sensitive information and give consumers greater control over the management of their personal information.
With few narrow exceptions, the provisions of the new data privacy law are applicable to businesses that determine the purpose and means of processing personal data if the entity conducts business in New Jersey or produces products or services that are targeted to residents of the state, and that during a calendar year either:
- controls or processes the personal information of at least 10,000 consumers (excluding personal data processes for the purpose of completing a payment transaction); or
- controls or processes the personal data of at least 25,000 consumers and derives revenue or receives a discount on the price of any goods or services, from the sale of personal data.
If applicable, a covered business must provide a detailed notice to consumers that includes information regarding what type of personal data is being processed, why it is being processed, to whom the data is being disclosed, and how individuals may contact the business to appeal a decision that has been made regarding their personal data.
In addition, the new data privacy law affords consumers the right to request the correction or deletion of their personal information and the ability to opt out of the processing of their personal information for the purpose of selling the data and targeted advertising or profiling, without fear that the business will discriminate against them for that decision.
New Jersey’s new data privacy law also requires that, beginning six months after the effective date, businesses must allow consumers to opt-out of processing of their personal data by using a user-selected universal opt-out mechanism. Specifications of that mechanism are outlined in the new law and shall continue to be guided by rules and regulations adopted by New Jersey’s Division of Consumer Affairs in the Department of Law and Public Safety.
Moreover, New Jersey’s new data privacy law requires that businesses limit the data collected to that which is adequate, relevant, and reasonably necessary, and that they establish data security practices to protect the collected information.
(This blog, prepared by Campanella Law Office, is for general informational purposes only and is not intended to convey specific legal advice, nor is it intended to create or constitute an attorney-client relationship.)