New Jersey Privacy Law Overview
New Jersey's privacy law took effect January 15, 2025. It tracks the multistate model but tightens several screws — any revenue from selling data (not just a 25% or 50% share) can trigger coverage, and the window to honor consumer opt-outs is a short 15 days. Rulemaking by the Division of Consumer Affairs adds further detail.
The New Jersey Data Privacy Act (NJDPA)
New Jersey's law grants comprehensive consumer rights with opt-in consent for sensitive data and recognition of universal opt-out signals. It is stricter than many peers in two ways: the data-sale threshold has no minimum revenue percentage, and businesses must act on opt-out requests within just 15 days.
NJDPA: Quick Overview
- Effective Date: January 15, 2025
- Citation: N.J. Stat. Ann. § 56:8-166.4 et seq.
- Enforced By: New Jersey Attorney General (Division of Consumer Affairs)
- Maximum Penalty: Up to $10,000 for a first violation; $20,000 for subsequent violations
- Private Right of Action: No (enforcement by the state only)
- Right to Cure: 30 days (available until July 1, 2026)
Who Must Comply
The NJDPA applies to businesses that meet New Jersey's applicability thresholds:
- Controls or processes the personal data of 100,000+ New Jersey consumers per year, or
- Processes data of 25,000+ consumers and derives any revenue or discount from selling personal data
What makes New Jersey different: New Jersey's data-sale threshold has no minimum revenue share, and businesses must honor opt-outs within a tight 15 days.
Consumer Rights Under the NJDPA
New Jersey residents can exercise the following rights over their personal data:
- Right to access / confirm what data is held
- Right to correct inaccurate data
- Right to delete personal data
- Right to data portability
- Right to opt out of targeted advertising
- Right to opt out of the sale of personal data
- Right to opt out of profiling for significant decisions
Sensitive personal data: Businesses must obtain opt-in consent before processing sensitive data (such as health, biometric, precise-geolocation, or demographic data).
Data Breach Notification in New Jersey
New Jersey requires notice to affected residents within 30 days and to the State Police and Division of Consumer Affairs for breaches involving New Jersey residents.
- Deadline to notify residents: No later than 30 days after determination of a breach
- Attorney General notice: Notify the State Police and Division of Consumer Affairs of breaches affecting residents
- Covered data: Name combined with sensitive identifiers (SSN, driver's license, financial-account or medical information, and more)
Federal Privacy Laws That Apply in New Jersey
Even where New Jersey law is silent, residents and businesses are covered by federal privacy statutes:
- HIPAA — health information held by providers, plans and their vendors
- GLBA — privacy and safeguards rules for financial institutions
- FERPA — student education records
- FCRA — consumer reporting agencies and background screening
- COPPA — online collection of data from children under 13
- FTC Act §5 — unfair or deceptive privacy and data-security practices
New Jersey Privacy Law FAQ
How is New Jersey's privacy law stricter than other states'?
Who enforces the New Jersey Data Privacy Act?
How a New Jersey Privacy Attorney Can Help
For Businesses
- Build and audit a privacy compliance program
- Draft privacy policies, notices and vendor contracts
- Respond to consumer rights requests
- Manage data-breach response and notification
- Defend regulatory investigations and enforcement
For Consumers
- Enforce your privacy rights against non-compliant businesses
- Pursue or join data-breach litigation
- File complaints with the New Jersey Division of Consumer Affairs
- Seek damages for identity theft and fraud
- Stop unlawful data sales and unwanted marketing
Need a New Jersey Privacy Attorney?
Whether you are a business working toward compliance or a New Jersey resident whose privacy has been violated, our network of New Jersey-licensed attorneys can help.
Find a New Jersey Privacy Attorney