Data Privacy Regulation Michael Adler Data Privacy Regulation Michael Adler

The NJDPA Takes Effect: A New Era of Data Privacy in New Jersey

The New Jersey Data Protection Act comes into force January 15, 2025. Learn more about what you need to know!

The New Jersey Data Protection Act (NJDPA) officially comes into force on January 15th, 2025. This legislation marks a significant step in safeguarding the personal information of New Jersey residents and brings the state in line with a growing number of states enacting comprehensive data privacy laws.

Understanding the NJDPA's Core Principles:

The NJDPA centers around several key principles:

  • Consumer Control: Empowering New Jersey residents with greater control over their personal data.

  • Business Accountability: Placing clear obligations on businesses to handle personal data responsibly and transparently.

  • Risk-Based Approach: Requiring businesses to assess and mitigate the risks associated with their data processing activities.

Key Provisions for Businesses to Note:

  • Consumer Rights: The NJDPA grants New Jersey residents various rights, including the right to access, correct, delete, and obtain a copy of their personal data.

  • Data Security: Businesses must implement reasonable security measures to protect personal information from unauthorized access, use, or disclosure.

  • Sensitive Data: Processing sensitive data, such as health information or biometric data, requires explicit consumer consent.

  • Targeted Advertising and Profiling: Businesses engaged in targeted advertising or profiling must conduct data protection assessments to evaluate and mitigate risks.

  • Universal Opt-Out: Starting July 15th, 2025, businesses must recognize a universal opt-out mechanism, allowing consumers to easily opt out of the sale or sharing of their personal data.

Preparing for the NJDPA:

Businesses subject to the NJDPA should take proactive steps to ensure compliance, including:

  • Reviewing and updating privacy policies.

  • Implementing data protection measures and conducting risk assessments.

  • Establishing procedures for responding to consumer rights requests.

  • Staying informed about the latest guidance and interpretations of the NJDPA.

White & Case has a great article that goes into additional detail, which you can read here.

By understanding and complying with the NJDPA, businesses can demonstrate their commitment to protecting consumer privacy and fostering trust in the digital marketplace.

Read More