Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily

View

New Jersey Data Privacy Act (NJDPA)

Last Updated on November 18, 2024

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

On January 16, 2024, Governor Phil Murphy signed the New Jersey Data Privacy Act (NJDPA), making New Jersey the first state in 2024 and the thirteenth to pass a comprehensive data privacy law.

The law applies to the processing of personal data of New Jersey residents, referred to as "consumers." It expands the definition of sensitive data to include consumer financial information but excludes business contact and employee data from its scope, exempting employee data from the law's applicability.

The NJDPA applies to businesses operating in or targeting New Jersey residents. It covers controllers that, in a calendar year, either collect or process the personal data of at least 100,000 consumers (excluding data used solely for payment transactions) or collect or process the data of at least 25,000 consumers if the business earns revenue or benefits from selling personal data.

 The NJDPA has a broader scope than other privacy laws, lacks a private right of action, and does not establish an independent regulatory authority. It will take effect on January 15, 2025.


The Solution

Securiti enables organizations to comply with New Jersey Data Privacy Act (NJDPA) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises' journey toward compliance with the New Jersey Data Privacy Act (NJDPA) through automation, enhanced data visibility, and identity linking.

The European Union’s Data Act

Readiness Assessment

NJDPA Provisions

Use our collaborative, multi-regulation, readiness assessment system to measure your organization's posture against NJDPA requirements, identify gaps, and address compliance risks.

Readiness Assessment
Auto Compliance Management

Auto Compliance Management

NJDPA Provisions

Automate compliance with NJDPA using Securirti common controls and tests.

Privacy Notice Management

Section(s): 3(a)

Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates, in compliance with the NJDPA.

Privacy Notice Management
Universal Consent Management

Universal Consent Management

Section(s): 1, 9(a)(4), 9(a)(7)

Monitor consent for various data processing activities via the central dashboard. Track consent revocation to prevent the processing or transfer of data without consent.

Cookie Consent Management

Section(s): 9(a)(2), 9(a)(4), 9(a)(7)

Scan websites to classify cookies, deploy customized consent collection points, and link consent to user identities and personal data categories collected from endpoints.

Cookie Consent Management
Sensitive Data Intelligence

Sensitive Data Intelligence

Section(s): 1

Discover personal data and sensitive data stored across all systems within the organization and link it to unique data subjects. Visualize personal data sprawl and identify compliance risks.

Data Mapping Automation

Section(s): 3(a)

Trace data flow across your systems, catalog data collection and transfer, and document business process flows internally and to the processors.

Data Mapping Automation
Data Subject Rights Fulfillments

Data Subject Rights Fulfillments

Section(s):  4, 7 

Create customized web forms and accept verified DSR requests. Automate the initiation of the access, correction, deletion, portability and opt-out request fulfillment workflows in compliance with the NJDPA.

Data Breach Management

Section(s): 13(b)(2), NJ Rev Stat § 56:8-163

Track and manage potential incidents and data breaches with automated notification guidance based on global regulatory requirements.

Data Breach Management
Data Protection Assessment Automation

Data Protection Assessment Automation

Section(s): 9(a)(9)

Initiate Data Protection Assessments (DPAs) using compliance templates, invite stakeholders to contribute and review responses, track progress in real-time, and share approved assessments with third parties.

Vendor Assessments

Section(s): 13(e)

From a single interface, you can track privacy and security readiness for all your service providers. You can also collaborate instantly with processors and manage all processor agreements and compliance documents.

Vendor Assessments
Data Security Posture Management

Data Security Posture Management

Section(s): 13(d)

Discover and auto-remediate security misconfigurations in SaaS and IaaS data systems using a library of rules based on vendor recommendations, industry standards, and best practices.

Key Facts about NJDPA

1

NJDPA defines personal data as any information linked or reasonably linkable to an identified or identifiable individual and does not include de-identified data or publicly available information.

2

Controllers must limit the processing of consumers' personal data to only ‘what is relevant, adequate, and reasonably necessary’ and for purposes that are communicated to the consumer at the time of collection.

3

Controllers must obtain the consumer’s freely given, specific, informed, and unambiguous consent before using their personal data for any purposes that are either not reasonably necessary or compatible with the purposes initially communicated to the consumer.

4

Controllers must not process sensitive data without express consent, or for children, without complying with COPPA.

5

Controllers must not process personal data for targeted advertising, sale, or profiling without express consent for consumers aged 13-17, if the controller knows or disregards their age.

6

Controllers must provide the consumers with a ‘reasonably accessible, clear, and meaningful’ privacy notice.¨

7

Controllers must establish and implement adequate technical, physical, and administrative data security measures to ensure the data’s confidentiality, accessibility, and integrity against unauthorized access while it is stored or used.

8

Controllers must conduct and document a data protection assessment (DPA) before initiating any processing activity that may contain a ‘heightened risk of harm to a consumer.’

9

NJDPA provides consumers with the right to confirm and access their personal information, the right to correct, the right to delete, the right to data portability and the right to opt-out.

10

The Office of the Attorney General of the state of New Jersey has the exclusive authority to enforce the law.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New