The New Jersey Data Protection Act (NJDPA) officially comes into force on January 15th, 2025. This legislation marks a significant step in safeguarding the personal information of New Jersey residents and brings the state in line with a growing number of states enacting comprehensive data privacy laws.

Understanding the NJDPA's Core Principles:

The NJDPA centers around several key principles:

• Consumer Control: Empowering New Jersey residents with greater control over their personal data.

• Business Accountability: Placing clear obligations on businesses to handle personal data responsibly and transparently.

• Risk-Based Approach: Requiring businesses to assess and mitigate the risks associated with their data processing activities.

Key Provisions for Businesses to Note:

• Consumer Rights: The NJDPA grants New Jersey residents various rights, including the right to access, correct, delete, and obtain a copy of their personal data.

• Data Security: Businesses must implement reasonable security measures to protect personal information from unauthorized access, use, or disclosure.

• Sensitive Data: Processing sensitive data, such as health information or biometric data, requires explicit consumer consent.

• Targeted Advertising and Profiling: Businesses engaged in targeted advertising or profiling must conduct data protection assessments to evaluate and mitigate risks.

• Universal Opt-Out: Starting July 15th, 2025, businesses must recognize a universal opt-out mechanism, allowing consumers to easily opt out of the sale or sharing of their personal data.

Preparing for the NJDPA:

Businesses subject to the NJDPA should take proactive steps to ensure compliance, including:

• Reviewing and updating privacy policies.

• Implementing data protection measures and conducting risk assessments.

• Establishing procedures for responding to consumer rights requests.

• Staying informed about the latest guidance and interpretations of the NJDPA.

White & Case has a great article that goes into additional detail, which you can read here.

By understanding and complying with the NJDPA, businesses can demonstrate their commitment to protecting consumer privacy and fostering trust in the digital marketplace.

As of January 1st, 2025, businesses subject to the California Consumer Privacy Act (CCPA) must be aware of significant updates to the potential fines and penalties for non-compliance. These adjustments, mandated by California law and tied to the Consumer Price Index (CPI), reflect the state's ongoing commitment to protecting consumer data privacy.

Key Changes:

• Increased Administrative Fines: Fines for non-compliance have increased to $2,663 per violation.

• Higher Penalties for Intentional Violations: Intentional violations or those involving the mishandling of data from minors (under 16) now carry a penalty of $7,988 per violation.

Implications for Businesses:

These increased penalties underscore the importance of prioritizing CCPA compliance. Businesses that handle the personal information of California consumers should review their data privacy practices and ensure they have the necessary safeguards in place to protect consumer data.

What Businesses Should Do:

• Perform compliance audits

• Review policies, and how they are being implemented

• Educate your employees on CCPA requirements and best practices

• Engage in incident response planning

Read more on the subject here.