DBN Statutes – New Jersey

Data Breach Notification Statutes – New Jersey

Last Updated: 02/28/2024

  • Applicable Statute: N.J. Stat. Ann §§  56:8-161,-163,-165
  • Attorney General Notice Required: Yes, notify the Division of State Police if any resident is notified.
    • Timing: Before notifying residents, must report the breach and related information pertaining to it to the Division of State Police in the Department of Law and Public Safety.
    • Method: Online form at : https://www.cyber.nj.gov/breach/
    • Content: See above re form.
  • Consumer Notice Requirements:
    • Timing: Must be made in the most expedient time possible and without unreasonable delay consistent with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the system.
    • Method:
      • (1) By written notice or electronic notice if consistent with E-SIGN.
      • (2) If the breach involves usernames or email addresses in combination with a password or security question and answer that allows access to an online account, and does not involve any other personal information, notice may be made by email or other form directing the resident to change the password and security question or answer; or take other steps to protect the account(s)where the resident uses the same username or email address and password, or security question, or answer.

        An entity that furnishes an email account cannot provide notice to the user via the same affected email account but must provide notice by another approved method or by clear and conspicuous notice delivered to the consumer online when the consumer is connected to the online account from an IP address or online location from which the entity knows the consumer customarily accesses the account.
  • Consumer Reporting Agency Obligations: If more than 1,000 residents are notified, the entity must notify all nationwide credit reporting agencies without unreasonable delay as to the timing, distribution, and content of consumer notices.
Please Note: The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience; Klinedinst PC and its attorneys do not recommend or endorse the contents of the third-party sites. Readers of this website should contact an attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, Klinedinst PC or its attorneys. Content included on this site is subject to change and users should note the date of last update when reviewing such contents. The content is provided "as is;" no representations are made that the content is error-free. Klinedinst PC has offices in several US states but does not practice law where its attorneys are not licensed. While this website refers to the laws of all 50 states, Klinedinst PC does not practice law in a several such states and visitors of this website are put on notice that neither Klinedinst PC, nor its attorneys, are or will provide legal advice for states where its attorneys are not licensed.

Data Breach Notification Statutes

Practice Attorneys


Related Practice Areas



Subscribe to Privacy and Data Security Newsletter

* indicates required