Loading chat...
NJ S1354
Bill
Status
Introduced
1/13/2026
Primary Sponsor
Joseph Pennacchio
Click for details
AI Summary
- Controllers and processors must de-identify personal data before selling it, ensuring data cannot reasonably be linked to an identified individual
- Re-identification of previously de-identified data is prohibited, including providing third parties the means to re-identify data or engaging third parties to perform re-identification
- The Director of Consumer Affairs must establish standards for de-identification and may grant limited exceptions only for medical studies or preventing environmental hazards if they benefit the public
- Violations constitute unlawful practices under New Jersey consumer protection law, with enforcement authority held exclusively by the Attorney General's Office
- The act takes effect 365 days after enactment, amending New Jersey's existing data privacy law (P.L.2023, c.266)
Legislative Description
Requires controller or processor to de-identify personal data and prohibits re-identification of de-identified data.
Commerce
Last Action
Introduced in the Senate, Referred to Senate Commerce Committee
1/13/2026
Committee Referrals
Commerce1/13/2026
Full Bill Text
No bill text available