Posts

Showing posts with the label New Jersey Data Privacy Act

Proposed New Jersey Regulations Would Require Major Privacy Compliance Shifts for Businesses

New Jersey officials recently released proposed privacy regulations that would create several new compliance obligations for businesses above and beyond what existing state law and many other state laws require, meaning you may need to adjust your compliance approach if you do business there. The June 2 release by the Office of Consumer Protection aims to stretch the boundaries of the New Jersey Data Privacy Act (NJDPA) – so much so, in fact, that you should not assume your existing compliance programs would fully satisfy these proposed requirements. They include detailed standards for obtaining  consumer consent , specific content and timing requirements for  loyalty program notices , expanded definitions of  personal and sensitive data , and new restrictions on the use of data for  AI model training . The public comment period for businesses that want to make their voice heard runs through August 1, 2025. What do you need to know about these proposed rules, and wh...

Privacy Blizzard Expected in January as Five State Laws Take Effect

  Around the country, the weather is turning wintery, but in the privacy arena, there will be a blizzard as five state comprehensive privacy laws become effective. Here is an overview of businesses needing to prepare. 1.  Delaware Personal Data Privacy Act (DPDPA) The DPDPA takes effect on January 1, 2025. It applies to entities doing business in Delaware or targeting Delaware residents. It covers businesses that process the personal data of at least 35,000 consumers or derive significant revenue from selling personal data. Notably, nonprofits are not exempt, and the law includes stringent requirements for handling sensitive personal information. 2.  Iowa Consumer Data Protection Act (ICDPA) The ICDPA also takes effect on January 1, 2025.  It is more business-friendly, with a high threshold for applicability. It targets businesses that control or process data of at least 100,000 Iowan consumers or derive over 50% of their revenue from selling personal data. The ICDPA...