New Jersey Personal Information and Privacy Protection Act
The New Jersey Senate approved a bill restricting how retailers collect and use personal data for specific purposes. Governor Chris Christie signed the Personal Information and Privacy Protection Act into law on July 21, 2017. The law became effective on November 1, 2017.
The law responds to concerns raised by reports about how businesses use and store the information they obtain from scanned driver’s licenses. It provides that a retailer may only scan identification documents or cards to:
- Record, hold, or transfer information by a body governed by medical privacy. The security rules must be established according to federal law.
- Verify the card’s authenticity or the age of the holder if the holder pays for goods or services in any form of payment other than cash, or requests a refund.
- Send data to a debt collector, financial institutions, or consumer reporting agency for use as allowed by federal law.
- Record, store, or transfer the information as stipulated by federal or State law.
- Maintain or establish a contractual relationship.
- Verify the cardholder’s age when providing goods or services restricted by age.
- Prevent fraud or criminal activity, through a fraud prevention service system, if the cardholder returns merchandise or needs to exchange goods.
The law also stipulates the information that a retailer may collect, which is restricted to the person’s name, date of birth, address, identification card number, and the State issuing the identification card. Retailers are not allowed by law to retain information collected to verify the authenticity of the identification card, the holder’s identity, or the holder’s age.
Information obtained for any of the other purposes above must be stored securely. The information must not be provided to third parties for any purpose not provided in the law, including marketing purposes. If a data breach happens, the retailer must notify the affected person and the state police as soon as possible.
A violation of the Personal Information and Privacy Protection Act carries a civil penalty of $2,500 for a first offense. Subsequent violations carry a $5,000 fine. The law also provides for a private right of action in Superior Court to recover damages.
Strict Mandates on Businesses
Twenty-five state legislatures across the country came together and proposed various bills to address consumer data privacy. The legislators in New York and New Jersey acted to enhance the privacy and security obligations of businesses. Their deliberations touched on the policies and privacy practices of commercial entities and commercial websites that collect, process, and store confidential information of residents.
The enhanced obligations served to promote individual interest in security and privacy. However, they also had a dramatic effect on the compliance efforts of businesses and the resulting costs. According to the legislation, all affected companies would implement and reevaluate their data privacy and security programs. Additionally, they were required to have breach prevention and response programs as part of today’s ever-evolving compliance requirements.
In addition, two bills later presented to the New Jersey Senate and Assembly would subject companies to new requirements if they collect or process personal information of New Jersey residents. Senate Bills 3153 and 2834, with companion Assembly Bills 4640 and 4902 respectively, had similar compliance requirements, but with some notable differences.
One of the notable differences is the exemption allowed for some businesses that fall below a threshold for annual revenue or for the number of people from whom they collect personal information. Discussions ensued after the bills were introduced, as the legislators tried to agree on the terms, scope, and requirements of any legislation they would eventually endorse.
While it’s not clear what future proposals may bring, businesses must adhere to the existing laws concerning collecting, processing, sharing, and storing personal information.
Importance of Data Privacy Compliance
Data privacy laws require your business to maintain an acceptable level of trust between you and your clients. Compliance in data privacy provides a framework that incorporates a set of guidelines that you must integrate into your security system according to federal and state laws on varying levels.
The laws ensure that you legally handle, store, and transmit personal information to avoid exploiting that data for selfish ends. While the implementation of data privacy laws differs from one region to another, their importance cuts across the board.
For starters, data privacy compliance equips your company to responsibly handle and protect information belonging to an entity or individual. This implies your accountability to protect all information related to transactions from mishandling, unauthorized use, or disclosure.
By implementing data privacy laws and requirements, you can effectively reduce the number of incidents that lead to privacy breaches. Without incidents of data breaches, your customers and partners will not lose trust in your business. It also means that you will avoid dealing with possible civil suits, costly fines, and multi-year penalties that can bring your business down.
A report published by Pew found that 93% of Americans feel that it’s essential to have control over which individuals and entities are allowed to obtain personal information from them. 90% of the respondents said that they would want to control the information collected about them.
If your business implements privacy protections that provide such controls, you will be on your way to growing your business. Customers will prefer to get products and services from you over your competitors without such rules.
Start Your Data Privacy Compliance Journey Now
Data privacy compliance is crucial for your business to avoid breaking the law. You don’t want to risk exposing your clients’ and your business’s information, giving cybercriminals an upper hand to defraud you. By finding out what the data privacy laws require of your business, you will be armed to protect your business.
It would be best if you also put up security measures to protect your data from cybersecurity threats. A lot goes into ensuring your systems are cybersecurity compliant, and you need expert help to get everything right. Professionals at Baroan Technologies are here to help you. Talk to us today, and let us work together towards safeguarding personal information and making your business data security compliant.