Can I ensure that my company is compliant with expanding privacy protections in New Jersey? What are the requirements?

Privacy Protections in New Jersey

New Jersey has recently expanded its privacy protections with the enactment of the New Jersey Consumer Privacy Act (NJCPA) ^[1.1]. The NJCPA is similar to the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR) in that it gives consumers more control over their personal information.

Requirements for Compliance

If your company collects personal information from New Jersey residents, it must comply with the NJCPA. The following are some of the requirements for compliance:

1. Disclosure: Companies must disclose what personal information they collect, how it is used, and with whom it is shared. This information must be provided to consumers in a privacy policy or notice at or before the point of collection ^[1.1].
2. Right to Access: Consumers have the right to request access to their personal information that a company has collected. Companies must provide this information to consumers within 45 days of receiving a verifiable request ^[1.1].
3. Right to Deletion: Consumers have the right to request that a company delete their personal information. Companies must comply with this request within 45 days, unless there is a legal reason to retain the information ^[1.1].
4. Opt-Out: Consumers have the right to opt-out of the sale of their personal information. Companies must provide a clear and conspicuous link on their website to allow consumers to opt-out ^[1.1].
5. Data Security: Companies must implement reasonable security measures to protect personal information from unauthorized access, destruction, use, modification, or disclosure ^[1.1].
6. Non-Discrimination: Companies cannot discriminate against consumers who exercise their rights under the NJCPA ^[1.1].

To ensure that your company is compliant with the expanding privacy protections in New Jersey, you should review the NJCPA and ensure that your company is meeting all of the requirements for compliance. This may include updating your privacy policy, implementing new data security measures, and providing consumers with the ability to access, delete, and opt-out of the sale of their personal information.

Please note that the NJCPA applies to all companies that collect personal information from New Jersey residents, including employee leasing company groups ^[2.1], assurance organizations ^[2.2], and third-party administrators ^[3.2]. Additionally, the NJCPA only requires disclosure of personal information collected from New Jersey residents ^[4.1].

Source(s):

• [1.1] New Jersey Corporate and Business Law Study Commission
• [2.1] Employee leasing company groups
• [2.2] Assurance organizations-approval
• [4.1] Exemptions for securities transactions and securities offerings
• [3.2] License or registration required

Jurisdiction

New Jersey

• Privacy