New Jersey Enacts Comprehensive Data Privacy Legislation: What Business Owners Need to Know
Today, nearly all companies collect and process sensitive personal data—ranging from personal identification information (PII) to demographic data and financial credentials. While there are legitimate reasons for handling personal data, the consequences can be severe if it falls into the wrong hands. Perhaps this is why a wave of state data privacy laws has emerged across the U.S. over the last few years.
As of 2018, only California had passed a comprehensive data privacy law. But by late 2022, over 29 states had data privacy legislation in the works, with more preparing to follow suit. Among this deluge of proposals and enactments is the New Jersey Data Privacy Act, which Governor Phil Murphy signed into law on January 16, 2024, set to take effect on January 15, 2025.
Who Is Affected?
The New Jersey Data Privacy Act applies to individuals and entities, referred to as "controllers" and "processors," involved in collecting and processing sensitive data. Specifically, it covers individuals or businesses that control or process personal data for at least 100,000 consumers (excluding data processed solely for payment transactions) and those that control or process personal data for at least 25,000 consumers and derive revenue from the sale of consumers' personal data.
What Does the Act Do?
The New Jersey data privacy law grants consumers several rights concerning their personal and sensitive data, including:
- The right to confirm whether their data is being processed.
- The right to access their personal data.
- The right to correct inaccuracies in their data.
- The right to delete their personal data.
- The right to obtain a copy of their data in a portable format.
- The right to opt out of data processing for targeted advertising, selling personal data, or profiling that produces legal or similarly significant effects.
How Can Businesses Comply With the Act?
To comply with the Act, businesses should:
- Provide clear and accessible privacy notices detailing data processing activities.
- Obtain consumer consent before processing sensitive data.
- Conduct data protection assessments for processing activities that present a risk of harm to consumers.
Penalties for Non-compliance
The New Jersey Attorney General will enforce the new law through civil actions and injunctive relief under New Jersey's Consumer Fraud Act, which imposes penalties of up to $10,000 for the first violation and up to $20,000 for subsequent violations. Additionally, the act provides a 30-day cure period for companies that discover any violations. However, this reprieve will expire on July 15, 2025.
Conclusion
Are you wondering about any of the issues mentioned above? Please email us at info@wilkinsonlawllc.com or call (732) 410-7595 for assistance.
At Wilkinson Law, we give business owners the clarity they need to fund, grow, protect, and sell their businesses. We are trustworthy business advisors keeping your business on TRACK: Trustworthy. Reliable. Available. Caring. Knowledgeable.®