This Photo by Unknown Author is licensed under CC BY-SA-NC

Client Alert: New Jersey Privacy Act Passed – Key Considerations for Businesses

On January 15, 2024, New Jersey enacted the New Jersey Privacy Act, a comprehensive piece of legislation aimed at safeguarding the privacy rights of individuals within the state. This Client Alert is intended to provide a brief overview of the key provisions of the Act and outline the implications for businesses operating in New Jersey.

The New Jersey Privacy Act represents a significant step towards enhancing consumer privacy protections in the digital age. The Act is designed to give individuals greater control over their personal information and establish clear guidelines for businesses handling such data. Here are some key aspects of the Act:

  1. Scope and Applicability:

The Act applies to businesses that collect, process, or control the personal information of New Jersey residents if the business meets certain revenue or data processing thresholds. A business must comply with the Act if one of two criteria are met: (1) control or process the personal data of at least 100,000 New Jersey residents, or (2) control or process the personal data of at least 25,000 residents and the company derives revenue or receives a discount on the processing of any goods or services, from the sale of personal data. A sale is “sharing, disclosing or transferring data for money or other valuable consideration.” A threshold is not defined based on what data is sold.

  1. Consumer Rights:

The Act grants New Jersey residents several rights over their personal information, including what information is collected and access to that information, correct inaccuracies, deletion of personal data, obtain a copy of personal data in a readily usable and transferrable format, and the ability to opt out for targeted advertising or profiling. Businesses must establish processes to facilitate these rights and respond to consumer requests within specified timeframes.

  1. Financial Information:

Notably included in the Act is a reference to financial information as a form of sensitive data. This includes a consumer’s account number, account login, financial account, or credit or credit card number. Companies are required to obtain consent before processing this information.

  1. Privacy Notice:

The Act requires controllers of information to provide a privacy notice that includes: (1) categories of personal data processed by the controller; (2) purposes for processing personal data; (3) categories of third parties to which personal data is disclosed; (4) categories of personal data that are shared with third parties (if any); (5) how consumers can exercise their rights under the Act and appeal a controller’s decisions as to exercises of such rights; (6) how the controller notifies consumers of material changes to the privacy notice; and (7) an active email address or other online contact mechanism for the controller. The reasoning for collection, and the method to opt out must clearly be present.

  1. Opt-Out Preference:

Under the new Act, controllers of data are required to recognize signals for a request to opt-out of processing of personal data for targeted advertising or sale of personal data. This must begin six months after the act takes effect.

  1. Data Protection Assessments:

The act requires “companies to conduct data protection assessments of “processing that presents a heightened risk of harm to a consumer” before conducting such processing. Such “heightened risk” results from activities such as certain forms of targeted advertising and profiling, sales of personal data, and processing of sensitive data.” Undertaking this processing is essential to compliance with the act.

In addition, the act prohibits processing of personal data when purposes of targeted advertising, sale of personal data, or certain types of profiling without a consumer’s consent where the controller has actual knowledge (or willfully disregards) that a consumer is 13 to 16 years old.

  1. Individual Rights and Children’s Privacy:

Individual rights for consumers are created, which includes the right to confirm whether a controller is processing personal data and access thereto, correcting inaccuracies, right to deletion, opt-out rights for targeted advertising, sale or profiling.

The New Jersey Privacy Act represents a shift by the state to move closer to other privacy acts passed across the country, similar to that of California. The Act came into effect on January 15, 2025. Please reach out to our legal team at OGC Solutions® for guidance on how statute affects your business.


No responses yet

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Comments

    🌍 Explore thrilling adventures at! Spin & win big today! 🎉

    🔥 Discover the ultimate betting experience at n1bet! Fast, fun, and fair gaming awaits! 🎲

    🎯 Hit your lucky streak on the baba ijebu site! Spin. Win. Repeat. 🔄

    📱 Bet on the go with Nairabet Mobile! Top odds, anywhere in Nigeria! 🌍 Join today!

    🌍 Join the thrill at SportyBet Nigeria! Bet on your favorite sports and win big! 🏆 Dive in now!