NJ A711

Public institutions of higher education in New Jersey must establish cybersecurity plans addressing system monitoring, threat assessment, risk mitigation techniques, and incident response and recovery procedures.

Institutions must regularly update their cybersecurity plans to reflect current technologies and information security techniques.

Institutions are required to notify the New Jersey Office of Homeland Security and Preparedness of any cyber attack, consistent with P.L.2023, c.19, though phishing attempts are excluded from this notification requirement.

Institutions may consult with the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), established in 2015, for guidance on cybersecurity best practices and data protection.

"Personal information" protected under the bill includes names linked with Social Security numbers, driver's license numbers, financial account credentials, or online account login information.