This document is provided for general informational purposes only and does not constitute legal, tax, accounting, insurance, brokerage, risk management, or other professional advice. You should consult your own legal counsel or other qualified professional advisors regarding your specific circumstances, and receipt of this document does not create any client, advisory, fiduciary, brokerage, or other professional relationship with Alliant Insurance Services, Inc. This document is provided “as is” without warranty of any kind, and Alliant Insurance Services, Inc. disclaims any liability for any loss or damage arising out of or relating to reliance on this document.
Insight
New Jersey Enacts Sweeping Data Privacy Law, Targets Selling of Personal Information
By David Finz, Alliant Claims
New Jersey recently became the 13th state to enact a comprehensive data protection law, going beyond breach notification to encompass standards for the collection, sharing and disposal of data.
The legislation seeks to crack down on the use of personal information by so-called “data brokers,” requiring businesses who trade in such data to provide an opt-out mechanism to consumers that is clear and conspicuous. Consumers will also have a right to know what data is being held on them, so that they can correct or delete any incorrect information. Such businesses must limit the collection of personal data to what is relevant to the conduct of their business, and they must notify consumers of the specific purposes for which their data is being processed. Importantly, this includes consumer financial data. The law applies to organizations that hold data on at least 100,000 individuals; for those that generate revenue from such data, the threshold is lowered to 25,000 persons. Data that is processed solely for the purpose of completing a business transaction is exempt from the new requirements.
What is perhaps most striking about the new law is the “Universal Opt-Out Mechanism,” which allows consumers to opt out of not only targeted ads and the sale of their data, but also user profiling. Businesses cannot collect personal data on children between the ages of 13 and 16 unless they affirmatively opt-in to the collection of such data.
Do businesses need to take any action?
Businesses should review their current data collection practices with privacy counsel to determine what steps they need to take to remain in compliance with this new law. Companies should also expect underwriters to scrutinize data collection practices even more closely at their upcoming cyber insurance renewals.
Following just behind New Jersey, a similar bill just passed both houses of the New Hampshire legislature and currently awaits the governor’s signature. If the bill is signed into law, New Hampshire will become the 14th state with its own data protection statute, making passage of a federal law more challenging.
How Can Alliant Help?
Alliant Claims is ready to engage with your organization today, to assist you in identifying and realizing your risk management objectives. Our multi-disciplinary team accomplishes this through our accelerated model of engagement, prioritization and targeted results. Reach out today to begin your journey toward optimized insurability outcomes, enabled by Alliant Claims.
News & Resources
