New Jersey Legislature Enacts the First Consumer Privacy Law of 2024

Posted on by pogowasright.org

Mary T. Costigan, Jason C. Gavejian, and Joseph J. Lazzarotti of JacksonLewis write:

On January 16, 2024, New Jersey’s Governor signed  Senate Bill (SB) 332, which establishes a consumer data privacy law for the state.  New Jersey becomes the 13th state to pass a consumer data consumer privacy law. The law would take effect one year after its enactment, on January 16, 2025.

To whom does the law apply?

The law applies to controllers defined as an individual or legal entity that alone or jointly with others determines the purpose and means of processing personal data that do business in New Jersey or produce products or services targeted at New Jersey residents and that during a calendar year either:

  • Control or process the personal data of at least 100,000 consumers, excluding personal data processed solely to complete a payment transaction; or
  • Control or process the personal data of at least 25,000 consumers and the controller derives revenue, or receives a discount on the price of any goods or services, from the sale of personal data.

Who is protected by the law?

Under the law covered consumer is defined as a person who is a resident of New Jersey acting only in an individual or household context. Like several other states, excluding California, the consumer does not include a person acting in a commercial or employment context.

What data is protected by the law?

The law will protect data that qualifies as “personal data” which is information that is linked or reasonably linkable to an identified or identifiable person. It does not include de-identified data or publicly available information.

What are the rights of consumers?

Under the law, a consumer has the following rights:

  • To confirm whether a controller processes the consumer’s personal data and access such personal data.
  • To correct inaccuracies in the consumer’s personal data.
  • To delete personal data concerning the consumer.
  • To obtain a copy of the consumer’s data.
  • To opt out of the processing of personal data for the purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Read more at Workplace Privacy, Data Management & Security Report.

Category: Featured NewsLawsU.S.