When such an event occurs, their first course of action should be to notify the Division of the State Police in the Department of Law and Public Safety. Next, the impacted customers, clients or vendors must be alerted to this compromise of data through email or other written notice. If more than 1,000 people are affected, the business owner must notify all consumer reporting agencies. The Consumer Fraud Act enforces data breach notification statues in New Jersey.
Name of Law
Identity Theft Protection Act
Definition of Protected Information
Combination of name or other personal identifying information, PLUS one or more of these data elements: social security number; driver’s license number; credit card number; debit card number with PIN, password or access code
Who is Subject to the Law?
Any business conducting business in the state of New Jersey
Notification of Consumers
Willfully, knowingly or recklessly violating the data breach notification law is an unlawful practice and a violation of New Jersey’s Consumer Fraud Act. Notification to consumers of a breach can be done in either written or electronic format. it is important to note that if a business is domiciled in New Jersey but has additional clients, vendors or other customers outside the state, said business must observe both the notification law of New Jersey as well as the laws of the state or states where their clients, vendors or other customers reside.