The increasing threat of cyber-attacks and data breaches is spotlighting the need for practitioners to keep up to date on the changing landscape of privacy law. Doing so, however, is challenging. Unfortunately, there is no comprehensive consumer privacy law at the federal level yet, leaving it to individual states to enact laws to protect the privacy rights of their residents. More states are beginning to do so, and new state privacy litigation is coming into effect next year, which will impose new requirements on businesses and offer expanded rights for consumers. It is therefore critical for attorneys advising businesses that reach consumers both inside and outside of New Jersey to be aware of these new requirements to provide appropriate advice to their clients.

Currently, California has what is considered comprehensive consumer privacy legislation to protect its resident consumers. That legislation governs what businesses that meet certain requirements can and cannot do with customers’ personal identifiable information (PII).[1] PII is any type of data or information that can be used to identify someone, such as their name, social security number, email address or phone number. See U.S. Department of Labor Guidance on the Protection of Personal Identifiable Information. Virginia, Colorado, Utah, and most recently, Connecticut, have followed California’s lead by enacting their own comprehensive privacy legislation, and their laws become effective next year. New Jersey has yet to enact its own comprehensive privacy law, but the New Jersey State General Assembly in January of this year introduced the Disclosure and Accountability Transparency Act, which is working its way through the legislative process.