Prompt action is critical.

48 of 50 states require businesses to respond to a data breach quickly. While a specific notification timetable is absent in most states, New Jersey does require prompt action when a business becomes aware of a breach to their computer system.

When such an event occurs, their first course of action should be to notify the Division of the State Police in the Department of Law and Public Safety. Next, the impacted customers, clients or vendors must be alerted to this compromise of data through email or other written notice. If more than 1,000 people are affected, the business owner must notify all consumer reporting agencies. The Consumer Fraud Act enforces data breach notification statues in New Jersey.

Name of Law

Identity Theft Protection Act

Definition of Protected Information

Combination of name or other personal identifying information, PLUS one or more of these data elements: social security number; driver’s license number; credit card number; debit card number with PIN, password or access code

Who is Subject to the Law?

Any business conducting business in the state of New Jersey

Notification of Consumers

Willfully, knowingly or recklessly violating the data breach notification law is an unlawful practice and a violation of New Jersey’s Consumer Fraud Act. Notification to consumers of a breach can be done in either written or electronic format. it is important to note that if a business is domiciled in New Jersey but has additional clients, vendors or other customers outside the state, said business must observe both the notification law of New Jersey as well as the laws of the state or states where their clients, vendors or other customers reside.