New Jersey Data Protection Act (“NJDPA”)
The New Jersey legislature passed the New Jersey Data Privacy Act (“NJDPA”) in Senate Bill 332. With the signing of this bill by the governor, New Jersey becomes the first state in 2024 to enact a consumer data privacy law. The NJDPA, as with a few other states, does not contain a revenue threshold. It applies to businesses (“Controllers”) that annually controls or processes the personal data of at least 100,000 consumers, excluding personal data processed solely to complete a payment transaction; or control or process the personal data of at least 25,000 consumers and the controller derives revenue, or receives a discount on the price of any goods or services, from the sale of personal data. It does not cover consumers acting in a commercial or employment context. It will become effect on January 16, 2025.
