New Jersey Consumer Data Privacy Legislation: What Businesses Need to Know

New Jersey lawmakers have taken a significant step towards enhancing consumer data privacy by passing a bill that would establish the state’s first consumer data privacy legal framework. If approved by Gov. Phil Murphy, the legislation would provide consumers with more control over their personal information and require businesses to make substantial changes to their data practices.

The bill, known as SB 332, would apply to entities considered to be “data controllers,” which includes companies that conduct business in New Jersey or target residents of the state. These businesses must either control or process the personal data of at least 100,000 consumers or at least 25,000 consumers and derive revenue from the sale of personal data.

One key aspect of the legislation is the rights it grants consumers, including the ability to confirm, correct, and delete their personal data, as well as opt-out of targeted advertising and the sale of personal data. Businesses would also be required to provide consumers with clear and accessible privacy notices detailing how their data is processed and shared.

If enacted, the law would be enforced by the state Attorney General, with potential fines of up to $20,000 for repeat violations. Businesses subject to the legislation are advised to assess their current data practices and work towards compliance in preparation for the law’s potential enactment.

Overall, the passage of this bill represents a significant milestone in New Jersey’s efforts to protect consumer privacy and could serve as a model for other states looking to enhance data privacy regulations.