Skip to content

Compliance

New Jersey: New Data Privacy Law

New Jersey enacts new Data Protection Act, effective Jan 16, 2025, setting comprehensive consumer data privacy standards for businesses.

← All articles
Filed under Compliance
Bill 332, now recognized as the New Jersey Data Protection Act, was recently signed into law, positioning NJ as the 13th state to implement a comprehensive framework for consumer personal information protection. The law will go into effect January 16, 2025.

Who Must Comply:

The Act will affect controllers and processors that conduct business in NJ or offer products and services to NJ residents. The law focuses on entities managing the personal data of 100,000 consumers or more, or those handling at least 25,000 consumers’ data while also deriving revenue from selling this data.

The Act provides various rights to consumers regarding their personal data, such as verification, correction, deletion, and data portability. It also introduces strict measures for processing sensitive personal data, requiring affirmative consumer consent and adherence to the Children's Online Privacy Protection Act when the data concerns minors.

Businesses must maintain transparent privacy practices and limit data collection to what is necessary for disclosed processing purposes. Moreover, they are required to implement robust data security measures and conduct rigorous data protection assessments for activities posing heightened risks to consumer privacy.

The Office of the Attorney General has exclusive authority to enforce the Act. Violations can lead to penalties, with a 30-day cure period offered initially. The Division of Consumer Affairs is tasked with developing rules and regulations to support implementation.

Implications for Businesses:

Entities operating within the scope of the Act must reassess their data protection strategies, ensuring compliance with the Act’s provisions. The inclusion of nonprofits within the Act’s purview, absence of specific revenue thresholds, and the broader definition of sensitive data suggest a more extensive application compared to laws in other states.

Important Takeaways:

  • Act applies to a wider range of entities without specific revenue thresholds.
  • Financial info is categorized as sensitive data, requiring consent for processing.
  • Data protection assessments are mandatory for high-risk processing activities.
  • Controllers must recognize universal opt-out mechanisms for certain data processing activities.

Businesses should now prioritize understanding and adapting to these requirements to ensure compliance by the effective date Jan 2025.

Found This Useful? Let's Get You Set Up.

Start an application and an expert will tailor the next steps to your situation.

Related reading

15 Licensing Application Process Facts That Delay Approvals

Compliance

15 Licensing Application Process Facts That Delay Approvals

Most licensing delays come from small misses. A payment method that does not work, a stale certificate, the wrong signature, a missing ownership detail. These are the things that slow down filings, trigger deficiencies, and force teams to redo work they thought was finished. We pulled these from the webinar because they came up naturally [...]

California Delete Act: DROP Deadline and Data Broker Rules

Compliance

California Delete Act: DROP Deadline and Data Broker Rules

Property managers in Maryland are running into a question that is getting more attention and creating real operational risk. Does collecting rent, especially when a tenant is past due, trigger Maryland's collection agency licensing requirements?

The Changing Compliance Landscape for Consumer Lenders

Compliance

The Changing Compliance Landscape for Consumer Lenders

Explore evolving compliance rules for consumer lenders, CFPB updates, and strategies to stay compliant in 2025 and beyond.

New Minnesota Data Privacy Law: What You Need to Know

Compliance

New Minnesota Data Privacy Law: What You Need to Know

Minnesota has taken major steps to protect consumer rights and secure the handling of personal data. New privacy legislation puts a spotlight on the duties of financial services businesses, lenders, and debt collectors. It underscores how important compliance with these new Minnesota laws has become and sets a benchmark for protecting sensitive data.

New Money Transmitter Licensing Requirements Under the MTMA

Licensing

New Money Transmitter Licensing Requirements Under the MTMA

Recent updates under the Uniform Money Transmission Modernization Act (MTMA) mean several states have significantly revised their licensing requirements. If you operate in financial services or virtual currency, note that money transmitter licensing may now be required where it was not before. Many businesses will need to reassess their compliance strategies to meet the new standards.

Newsletter: February 2025

Newsletter

Newsletter: February 2025

INDUSTRY NEWS CFPB FEBRUARY SNAPSHOT If you haven't been keeping up with the constant stream of Consumer Financial Protection Bureau (CFPB) updates, here's a quick overview of the key developments this month. The CFPB saw major upheaval, with Director Rohit Chopra dismissed and Treasury Secretary Scott Bessent taking control, leading to an immediate freeze on [...]

Browse the full insights library, meet our editorial team, or download our whitepapers.

Insights

Found This Useful? Let's Get You Set Up.

An expert will respond within one business day.