Assembly No. 3078, Updated June 14, 2012
New Jersey Statute Annotated: § 56:8-163
Effective Date: January 1, 2006
Definition of Personal Information: An individual’s first name or first initial and last name linked with any one or more of the following data elements:
(a) Social security number;
(b) Driver’s license number or State identification card number;
(c) Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.
Summary: Any business that conducts business in New Jersey, or any public entity that compiles or maintains computerized records that include personal information, shall disclose any breach of security of those computerized records following discovery or notification of the breach to any customer who is a resident of New Jersey whose personal information was, or is reasonably believed to have been, accessed by an unauthorized person. The disclosure to a customer shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. Disclosure of a breach of security to a customer shall not be required under this section if the business or public entity establishes that misuse of the information is not reasonably possible. Any determination shall be documented in writing and retained for five years.
Visit the state Web site