The New Jersey Data Protection Act (NJDPA), N.J. Stat. § 56:8-166.4 et seq., went into effect on January 15, 2025, as New Jersey joins eighteen other states with comprehensive data privacy laws. Here’s what you need to know to stay compliant and maintain consumer trust.
Who Is Affected?
This law applies to businesses that:
- Operate in New Jersey or target New Jersey residents.
- Process data from at least 100,000 consumers annually or at least 25,000 if their revenue depends on data sales.
Key Highlights of the Law
- Transparency in Data Collection: Businesses must disclose:
- The types of personal data they collect and why it’s being used.
- Any third parties with whom the data is shared.
- Clear instructions on how consumers can exercise their rights.
- Enhanced Consumer Rights: New Jersey residents now have the right to:
- Opt-Out: Prevent the sale or targeted use of their data.
- Access Data: Request a copy of the personal data a business holds about them.
- Request Deletion: Ask for their personal data to be deleted, subject to certain exceptions.
- Consent for Sensitive Data: Explicit consent is required before collecting or processing sensitive information such as financial, biometric, or health-related data.
- Opt-Out Mechanism: Businesses must implement an easy-to-use system for consumers to opt out, such as a web link or phone number.
- Data Security Requirements: Companies must take reasonable measures to protect personal data and promptly notify individuals in case of a breach.
What You Should Do
- Review Data Practices: Audit how you collect, process, and share consumer data.
- Update Privacy Policies: Ensure your policies meet the law’s requirements.
- Implement Consumer Controls: Create systems for opt-out and data access requests.
- Train Employees: Educate your team on handling consumer data responsibly.
- Seek Expert Advice: Work with legal and IT professionals to ensure compliance.
Questions or Need Assistance? Reach out to a member of the BMT Support Team!
Leave A Comment