What You Need to Know about New Jersey’s New Consumer Data Privacy Law

In an age where digital footprints are as extensive as physical ones, consumer data privacy has become a hot-button issue garnering attention from legislators nationwide and leaders around the globe. New Jersey is the latest state to step into the arena with the enactment of its own comprehensive Consumer Data Privacy Law.

On January 16, 2024, Gov. Phil Murphy signed Senate Bill 332 [Sixth Reprint] into law. He said:

“[S332] requires certain businesses, or “controllers” under the bill, to notify consumers of the collection, disclosure, and sale of their personal information and to provide consumers with an ability to opt-out of that in certain circumstances. This bill imbues rights to the consumer relating to their personal data, specifically, the right to access, correct, and delete information, and to opt-out of the collection, disclosure, or sale of their information under certain circumstances. The bill further outlines the controller’s obligations as relating to personal data retention, sale, and use, including mandating that the controller must limit the collection of personal data to what is adequate, relevant, and reasonably necessary and requiring that the controller specify the express purposes for which personal data is processed.”

All companies, including law firms based in or having clients within New Jersey, are now entering a new frontier of data compliance and regulation.

What is the New Jersey Consumer Data Privacy Law?

The New Jersey Consumer Data Privacy Law is legislation aimed at protecting the personal information of New Jersey residents. Inspired by the likes of California’s CCPA and the EU’s GDPR, this law sets stringent guidelines for data collection, processing, and protection. It gives consumers newfound rights over their data—including access to information, the ability to request deletion, and the option to opt-out of certain data uses.

Particulars of the law spell out which businesses are affected, the categorization of personal information, and potential repercussions for non-compliance. The law is a clear indicator of New Jersey’s staunch commitment to ensuring its resident’s private data remains just that—private.

According to Today’s General Counsel, “One of the most significant aspects of the law is that it grants the Director of the Division of Consumer Affairs in the Office of the Attorney General the power to make rules. This authority is only held by a few states.” The Act also “expands the definition of biometric data to include biological, physical, or behavioral characteristics,” which other states do not do.

How It Affects Businesses and Law Firms in New Jersey and those Collecting NJ Residents’ Data

The law’s enactment is not just a warning bell for tech giants and data behemoths but for all entities conducting business in New Jersey. Whether you are a retailer, service provider, or a law firm, if you’re collecting data from New Jersey residents, this law applies to you.

For law firms, this might mean shoring up internal data policies or advising clients on compliance strategies. Understanding the law’s demands—be it the consent requirement for data collection or procedures for responding to consumer data requests—is pivotal.

This legal update alters the operating landscape, increasing the liability for mishandling client data and requiring penalties for non-compliance. Law firms must not only comply but also serve as navigators for their clients through this complex regulatory environment.

What Businesses and Law Firms Need to Do as a Result of the NJ Consumer Data Privacy Law

Compliance should be the watchword here. The following are actions that businesses, aided by the advisory role of law firms, should take to align with New Jersey’s Consumer Data Privacy Law:

1. Conduct a Data Inventory: Understand what data you collect, how it’s processed, and where it’s stored. Consider conducting a comprehensive audit to map out all dataflows across your organization.
2. Update Privacy Policies: Ensure that your privacy policies are updated to reflect the rights and privileges granted to users under the new law. Transparency is key.
3. Implement Consumer Rights Procedures: Establish processes that allow consumers to access, correct, delete, or export their personal data. Train client service, marketing, and comms professionals on how to manage such requests.
4. Revise Vendor Agreements: Where third-party vendors engage in data processing, review your agreements to make sure they adhere to the requirements of the law.
5. Enhance Data Security Measures: Beef up your cybersecurity to prevent breaches. Under the statute, businesses have a heightened duty to protect personal information.
6. Educate Stakeholders: From the C-suite to entry-level employees, make sure that everyone in the company understands the implications of the law and their role in ensuring compliance.

For law firms, staying abreast of these legislative changes is crucial. They must be prepared to offer guidance on establishing data governance frameworks, adapting to the law’s requirements, and even representing clients in the face of litigation stemming from potential breaches.

Adapting to New Jersey’s Consumer Data Privacy Law is not just about regulatory compliance; it’s a step towards fostering trust and transparency in an increasingly skeptical digital world. Businesses—and the law firms that guide them—have the opportunity to lead by example, showing that they value and protect their consumers’ data.

Other States’ Consumer Data Protection & Privacy Laws

• California Consumer Privacy Act
• Connecticut Data Privacy Act
• Colorado Privacy Act
• Delaware Personal Data Privacy Act
• Florida Digital Bill of Rights
• Indiana Consumer Data Privacy Act
• Iowa Consumer Data Protection Act
• Montana Consumer Data Privacy Act
• Oregon Consumer Privacy Act
• Tennessee Information Protection Act
• Texas Data Privacy and Security Act
• Utah Consumer Privacy Act
• Virginia Consumer Data Protection Act

Remember:

• Stay Informed: Keep up with the latest developments regarding consumer data privacy laws in New Jersey and elsewhere.

• Be Proactive: Don’t wait for compliance deadlines. Start adapting your practices to meet the law’s requirements now.

• Promote Transparency: Make honesty and openness about data practices your company culture.