NJ A3897

Municipalities, counties, and school districts must report cybersecurity incidents through an online form developed by the Attorney General and the New Jersey Cybersecurity and Communications Integration Cell

Reporting is required when incidents compromise billing, communications, data management, or information systems, or when industrial control systems are adversely impacted

Within 30 days of receiving a report, the state must contract with an independent cybersecurity company to audit the affected entity's cybersecurity program and response actions

The Department of Law and Public Safety pays for the required audits, and entities may apply for reimbursement of other costs incurred

All information related to reported incidents, audits, and corrective action plans is exempt from public disclosure under open public records laws