New Jersey
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay
FINES & PENALTIES – Violations
Up to triple damages
Regulation Levels
-
Breach Reporting
-
Consumer Notification
-
Vendor Management
-
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting
Required
Vendor Obligations
Required
Consumer Notification
Required
Vendor Contracts
Not Required
Vendor Notification
Required
Privacy Program
Required
QUICK FACTS
New Jersey Privacy Law Information
Organizations and Vendors who conduct business in New Jersey must have measures in place for the secure destruction of records containing personal information so the records are unreadable or undecipherable.
For breaches involving online account personal information, consumer notification may be provided in electronic form informing consumers of the incident and directing them to change the password/security question/answer that may have been compromised. Breach reporting must be made to the Division of State Police in the Department of Law and Public Safety for investigation or handling, prior to consumer notifications. If more than 1,000 persons must be notified about a breach of security, then consumer reporting agencies must be made aware of the breach without unreasonable delay.
If a determination is made that consumer notification will not be required, the decision must be documented in writing and maintained for five years. If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must notify Organizations immediately after discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification.
Specific provisions protect personal information relating to health records and credit card records.
Injured persons may be awarded treble damages in addition to other equitable relief received.
New Jersey Statutes and Laws
Personal identification information not required for credit card transaction
Action, counterclaim by injured person; recovery of damages, costs
Security of personal information
Restrictions for health insurance carrier relative to certain computerized records
Credit card transactions
Electronic printing of credit card numbers on sales receipts, regulated
Identity theft prevention act
Personal information and privacy protection act
DISCLAIMER
The information provided is not legal guidance or recommendations and are for informational purposes only.