NJ A3339

Requires businesses and public entities in New Jersey to notify customers of data breaches within five business days, establishing a specific deadline where current law only requires notification "without unreasonable delay"

Maintains existing exceptions allowing delayed notification for legitimate law enforcement needs or when determining the scope of the breach and restoring data system integrity

Mandates that businesses or public entities must conduct an appropriate investigation and consult with relevant federal, state, and local law enforcement agencies before determining that breach disclosure is unnecessary due to low risk of information misuse

Amends the Identity Theft Prevention Act (P.L.2005, c.226) and applies to any business operating in New Jersey or public entity that maintains computerized records containing personal information