New Jersey Data Privacy Act

The New Jersey Data Privacy Act (NJDPA) is making waves in the data privacy world. Effective as of January 15, 2025, this comprehensive law grants New Jersey residents significant rights regarding their personal information and places new obligations on businesses that handle their data.1 Think of it as New Jersey's version of the CCPA, but with its own Garden State twist.

Key Provisions of the NJDPA:

  • Consumer Rights:

    • Right to Access: Consumers can request access to their personal data.2

    • Right to Correction: Consumers can request correction of inaccurate personal data.3

    • Right to Deletion: Consumers can request deletion of their personal data.4

    • Right to Opt-Out: Consumers can opt-out of the sale of their personal data or its use for targeted advertising and profiling.5

    • Right to Data Portability: Consumers can request a copy of their personal data in a portable format.6

  • Business Obligations:

    • Provide a Privacy Notice: Clearly inform consumers about your data practices.

    • Respond to Consumer Requests: Respond to consumer requests within 45 days.

    • Implement Reasonable Security: Protect personal data with appropriate security measures.7

    • Conduct Data Protection Assessments: Assess risks for processing activities like targeted advertising, profiling, and the processing of sensitive data.8

    • Obtain Consent: Obtain consent before processing sensitive data.9

  • Sensitive Data:

    • The NJDPA provides heightened protection for sensitive data, including information about race, religion, health, sexual orientation, and precise geolocation.10 Businesses must obtain consent to process this type of data.11

  • Universal Opt-Out:

    • Starting July 15, 2025, businesses must recognize a universal opt-out mechanism that allows consumers to opt-out of the sale or processing of their personal data for targeted advertising.12

Who does the NJDPA apply to?

The NJDPA applies to businesses that conduct business in New Jersey or provide products or services to New Jersey residents and meet one of the following thresholds:

  • Control or process the personal data of at least 25,000 consumers.

  • Derive 50% or more of their gross revenue from selling or sharing personal data.

Why is the NJDPA important?

The NJDPA is a significant step in protecting consumer data privacy in New Jersey.13 It's essential for businesses to understand and comply with the NJDPA to avoid legal and financial risks, build trust with customers, and foster a culture of responsible data handling.14

How Aetos Can Help:

Aetos Data Consulting provides expert guidance and support to help businesses navigate the complexities of the NJDPA. Our services include:

  • NJDPA compliance audits

  • Policy development and implementation

  • Training and awareness programs

  • Data subject request management

Contact us today to learn more about how we can help your business achieve and maintain NJDPA compliance.

Check out other state laws