Data privacy and security law in the U.S. is like a patchwork quilt of many shapes and patterns. The first patches were formed by the common law right to privacy, see, e.g., Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890), and since then, the patchwork has proliferated with acronym-laden privacy and security protections at the federal level (e.g., GLBA, FCRA, FACTA, HIPAA and FERPA), and state legislative efforts in reaction to the consumerization of the internet, the miniaturization of processing power, and the globalization of the information economy.

At present, statehouses across the country are endeavoring to blanket all potential vulnerabilities through a narrowed focus on privacy and security. New Jersey is no different, with nearly 50 pending bills addressing data, privacy and cybersecurity. All this legislative activity will have a direct and dramatic impact on how business is conducted in New Jersey and across the country.