NJ A1852

Businesses and public entities experiencing data breaches must notify affected New Jersey customers via written or electronic notice only, eliminating the current "substitute notice" option for large-scale breaches.

Breach notifications must include a toll-free telephone number and customer representative contact information to explain what data was compromised, how the breach is being addressed, and protective steps customers can take.

Affected customers must receive free monthly credit reports for 12 months following their initial request, with a 6-month window after breach notification to sign up for this service.

Third-party entities that compile or maintain computerized records on behalf of another business must reimburse that business for all customer notification costs and credit report fees when breaches occur on the third party's systems.

The bill takes effect on the first day of the third month following enactment and amends existing New Jersey breach notification law (P.L.2005, c.226).