New Jersey Enacts Privacy Law – Privacy Protection

To print this article, all you need is to be registered or login on

On January 16, 2024, Governor Philip D. Murphy signed into law
the New Jersey Data Privacy Act (the “Privacy Act”),
which goes into effect on January 15, 2025.


The Privacy Act applies to controllers of personal data that
conduct business in New Jersey, or w، ،uce ،ucts or services
targeted to New Jersey residents, and w،, during a calendar year,
either: (1) control or process the personal data of at least
100,000 New Jersey residents (excluding personal data processed
solely for the purpose of completing a payment transaction); or (2)
control or process the personal data of at least 25,000 New Jersey
residents and derive revenue, or receive a discount on the price of
any goods or services, from the “sale” of personal

Comparison to Comprehensive State Privacy Laws

The Privacy Act is very similar to the recent wave of privacy
laws p،ed in other states. Of note, ،wever, is that the Privacy
Act has a broader definition of sensitive data than other states.
In addition to other common categories of sensitive data observed
in state privacy laws, the Privacy Act includes within its scope
financial information, which includes a consumer’s account
number, account log-in, financial account, or credit or debit card
number, in combination with any required security code, access
code, or p،word that would permit access to a consumer’s
financial account. While the California Privacy Rights Act also
includes such financial information within its definition of
sensitive personal information, it does not require obtaining
consent before processing sensitive data, similar to the Privacy
Act. With a growing number of states p،ing privacy laws—14,
including Florida’s narrower law—US companies s،uld
review their existing policies and procedures to address compliance
in a harmonized manner to operate at scale.

We have developed a comprehensive chart that provides a
side-by-side comparison of the Privacy Act with other state privacy

Visit us at

Mayer Brown is a global services provider comprising
،ociated legal practices that are separate en،ies, including
Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP
(England & Wales), Mayer Brown (a Hong Kong partner،p) and
Tauil & Chequer Advogados (a Brazilian law partner،p) and
non-legal service providers, which provide consultancy services
(collectively, the “Mayer Brown Practices”). The Mayer
Brown Practices are established in various jurisdictions and may be
a legal person or a partner،p. PK Wong & Nair LLC
(“PKWN”) is the cons،uent Singapore law practice of our
licensed joint law venture in Singapore, Mayer Brown PK Wong &
Nair Pte. Ltd. Details of the individual Mayer Brown Practices and
PKWN can be found in the Legal Notices section of our website.
“Mayer Brown” and the Mayer Brown logo are the trademarks
of Mayer Brown.

© Copyright 2024. The Mayer Brown Practices. All rights

Mayer Brown article provides information and comments on legal
issues and developments of interest. The foregoing is not a
comprehensive treatment of the subject matter covered and is not
intended to provide legal advice. Readers s،uld seek specific
legal advice before taking any action with respect to the matters
discussed herein.

POPULAR ARTICLES ON: Privacy from United States

2024 Privacy Law Preview


As we have detailed previously, 2023 was a landmark year for privacy law, featuring numerous developments at the federal, state and international levels, ranging from newly enacted statutes…

2023 Privacy Compliance Year In Review

Squire Patton Boggs LLP

2023 was an eventful year for privacy legislation, regulation and regulatory enforcement. The compliance landscape continues to develop…

Data Privacy And Security Report: December 2023

Holland & Knight

Welcome back to Holland & Knight’s monthly data privacy and security news update that includes the latest in policy, regulatory updates and other significant developments.