Can I skip updating my privacy policy and other CCPA-related documents in New Jersey? What are the requirements?

Requirements for Privacy Policy and CCPA-related Documents in New Jersey

In New Jersey, the “New Jersey Disclosure and Accountability Transparency Act (NJ DaTA)” establishes certain requirements for disclosure and processing of personally identifiable information. The act requires that controllers, which are persons or legal entities that collect, maintain, and determine the purposes and means of processing personally identifiable information, provide consumers with a privacy policy that includes:

• The categories of personally identifiable information collected by the controller;
• The purposes for which the personally identifiable information is collected, used, and shared;
• The categories of third parties with whom the personally identifiable information is shared;
• The means by which consumers can exercise their rights under the act, including the right to access, correct, delete, and obtain a copy of their personally identifiable information;
• The categories of sources from which the personally identifiable information is collected;
• The categories of third parties to whom the personally identifiable information is sold, if applicable;
• The categories of third parties to whom the personally identifiable information is disclosed for a business purpose, if applicable;
• The retention period for the personally identifiable information; and
• The controller’s contact information.

The NJ DaTA also requires that controllers obtain consumers’ consent before processing their personally identifiable information. Consent must be freely given, specific, informed, and unambiguous, and signify agreement to the processing of personally identifiable information.

Regarding CCPA-related documents, the California Consumer Privacy Act (CCPA) applies to businesses that collect, use, or share the personal information of California residents. However, New Jersey has its own privacy laws, and businesses operating in New Jersey should comply with the NJ DaTA rather than the CCPA.

Can I skip updating my privacy policy and other CCPA-related documents in New Jersey?

No, you cannot skip updating your privacy policy and other CCPA-related documents in New Jersey if you are a controller that collects, maintains, and determines the purposes and means of processing personally identifiable information. The NJ DaTA establishes specific requirements for privacy policies and consent that must be followed. Failure to comply with the NJ DaTA may result in penalties and legal action. ^[2]

Source(s):

• [2] “New Jersey Disclosure and Accountability Transparency Act (NJ DaTA)”; establishes certain requirements for disclosure and processing of personally identifiable information; establishes Office of Data Protection and Responsible Use in Division of Consumer Affairs.

Jurisdiction

New Jersey

• Privacy