Lucky Number 13: What to Look Out For in New Jersey’s Data Protection Law

January 24, 2024
Privacy, Cyber & AI Decoded

On January 16, 2024, New Jersey’s Governor Murphy signed New Jersey’s comprehensive state privacy law. New Jersey is the thirteenth state to adopt comprehensive consumer privacy protections.

With Congress unlikely to pass a federal law granting similar protections for consumers this year, the growing number of states enacting their own laws makes compliance obligations for businesses ever more complex. Soon, you will hear from us about New Hampshire's new privacy law, which is waiting for signature before Governor Sununu. 

Who Does the Law Apply to?

The applicability of the statute is similar to other state privacy laws. It applies to entities doing business in New Jersey or that produce products or services that are targeting New Jersey consumers that:

(1) control or process the personal data of at least 100,000 New Jersey residents, or

(2) process the personal data of at least 25,000 New Jersey residents and derive revenue or provide a discount from/for the sale of personal data.

Sale of personal data is defined, similar to the CCPA, as monetary and other valuable consideration. The law applies to the personal data of consumers and households in New Jersey.

Does Your Business Fall Within an Exception?

Key Provisions to Look Out for:


We expect the law to be actively enforced by the New Jersey Attorney General, given that historically, the New Jersey Attorney General's office has been active in the investigation and enforcement of privacy violations.

The Lucky 13 good news is that there is a 30-day cure period for organizations for violations of the law that will extend for 18 months after the January 15, 2025 effective date, and that there is no private right of action.