800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

New Jersey Data Breach Laws: Fines, Penalties, and Requirements

Businesses in New Jersey are required to respond to a data breach quickly. The first step is to notify the Division of the State Police in the Department of Law and Public Safety. Next, the affected consumers must be alerted through email or written notice. If the breach affects more than 1,000 people, the business owner must notify all consumer-reporting agencies. The Consumer Fraud Act enforces data breach notification statutes in New Jersey. A business that willfully, knowingly, or recklessly violates the Consumer Fraud Act may have to pay the injured party three times the damages (plus attorney fees and court costs).

Name of Law / Statute

Identity Theft Prevention Act

Definition of Protected Information

Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes, BUT sometimes data without a name attached is considered PI

Who Is Subject to Law?

Any business doing business in the state

Notification of Consumers?

Yes, unless determination of no harm by business

By what means?

Written or electronic; if >1000 residents, must notify consumer reporting agencies

Substitute Notice Threshold?

If cost of notice >$250,000 or involves >500k residents

Notification of authorities / regulators required?

Yes (must notify State Police before consumers)

By what means?

N/A

Regulatory Fines

Yes (under Consumer Protection Act)

Credit monitoring requirement?

No

Private lawsuits allowed?

Yes (under Consumer Protection Act)

Private damages cap?

Treble damages + costs and attorney fees

Regulatory actions allowed?

Yes

HIPAA Compliance exemption?

N/A

Other  (e.g., timeframe)

Law does not apply if PI was encrypted or otherwise secured

Link to complete law

http://www.njleg.state.nj.us/2004/bills/pl05/226_.htm

Read the full text of New Jersey’s data breach law to learn more.

70% of businesses raise prices or cut hiring when sued