NJ Governor Passes Data Privacy Act
2/28/2024
On January 16, 2024, Governor Phil Murphy signed into law the New Jersey Data Privacy Act, P.L.2023, C.266. The new law places certain obligations on “controllers” conducting business in New Jersey or producing products or services targeted to New Jersey residents and on “processors.” Controllers are legal entities that (alone or jointly with others) determine the purpose and means of processing personal data, and “processors” are individuals, entities or agencies that process personal data on behalf of the controller. The law applies to controllers who (i) control or process personal data of at least 100,000 consumers (except personal data processed solely for completing a transaction), or (ii) control or process the personal data of at least 25,000 consumers while deriving revenue or receiving a discount on the price of any goods or services from selling personal data.
In brief summary and in part, controllers must provide a comprehensive privacy notice to consumers containing certain key elements and information, and processors must assist the controller (i) in taking measures to assist the controller in responding to consumer requests, (ii) with security in processing personal data, and (iii) in providing information to the controller to conduct and document data protection assessments.
Related Practices: Healthcare Law
Related Attorney: Lani M. Dornfeld, Jonathan J. Walzman
Related Industry: Healthcare