NJ Governor Passes Data Privacy Act

NJ Governor Passes Data Privacy Act - Brach Eichler
BACK TO INSIGHTS     Articles

2/28/2024

On January 16, 2024, Governor Phil Murphy signed into law the New Jersey Data Privacy Act, P.L.2023, C.266. The new law places certain obligations on “controllers” conducting business in New Jersey or producing products or services targeted to New Jersey residents and on “processors.” Controllers are legal entities that (alone or jointly with others) determine the purpose and means of processing personal data, and “processors” are individuals, entities or agencies that process personal data on behalf of the controller. The law applies to controllers who (i) control or process personal data of at least 100,000 consumers (except personal data processed solely for completing a transaction), or (ii) control or process the personal data of at least 25,000 consumers while deriving revenue or receiving a discount on the price of any goods or services from selling personal data.

In brief summary and in part, controllers must provide a comprehensive privacy notice to consumers containing certain key elements and information, and processors must assist the controller (i) in taking measures to assist the controller in responding to consumer requests, (ii) with security in processing personal data, and (iii) in providing information to the controller to conduct and document data protection assessments.

The law also gives consumers certain rights with respect to personal data, including the right to confirm whether a controller accesses and processes their personal data access, the right to correct, the right to delete, the right to obtain a portable copy, and the right to opt out of processing for certain purposes. “Personal data” is defined as “any information that is linked or reasonably linkable to an identified or identifiable person,” but excludes de-identified data or publicly available information. Additional protections apply to “sensitive data,” which is defined as “personal data revealing racial or ethnic origin; religious beliefs; mental or physical health condition, treatment, or diagnosis; financial information, which shall include a consumer’s account number, account log-in, financial account, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a consumer’s financial account; sex life or sexual orientation; citizenship or immigration status; status as transgender or non-binary; genetic or biometric data that may be processed for the purpose of uniquely identifying an individual; personal data collected from a known child; or precise geolocation data.”

The law will become effective on January 15, 2025 and grants authority to the New Jersey Director of the Division of Consumer Affairs in the Department of Law and Safety to promulgate rules and regulations necessary to implement the law.

Click Here to read the entire February 2024 Healthcare Law Update now!

For more information, contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com
Jonathan J. Walzman | 973.403.3120 | jwalzman@bracheichler.com

*This is intended to provide general information, not legal advice. Please contact the authors if you need specific advice.

Related Practices:   Healthcare Law

Related Attorney:   Lani M. Dornfeld, Jonathan J. Walzman

Related Industry:   Healthcare