New Jersey’s Consumer Data Privacy Statute – What You Need to Know
On January 16, 2024, Governor Murphy signed S332 into law, making New Jersey the 13th state to enact legislation designed to protect the personal data of its residents. The law will become effective next year, on January 15, 2025, and imposes various obligations on a person or entity (designated as either a “controller” or a “processor”) that collects, discloses, processes, or sells the personal data of New Jersey consumers. The statute establishes various rights for New Jersey residents with respect to their own personal data and also provides consumers with the ability to opt out of disclosure and sale of their personal data in certain circumstances. Finally, the Division of Consumer Affairs has the authority to develop rules and regulations necessary to effectuate the purposes of the statute, and the Attorney General has sole and exclusive enforcement authority. The scope of S332 signed by the Governor was expanded significantly from prior versions. As late as December 17, 2023, the bill only applied to a person or entity that operated “any service provided over the Internet that collects and maintains personally identifiable information from a consumer.” The law enacted less than one month later, however, is not limited to collection of data over the internet; it applies to all “personal data” regardless of how it is...