Over the last four years, both the federal government and numerous state legislatures have proposed and enacted bills addressing the privacy and security of consumer data. In 2018, only two states considered such legislation. By 2022, the federal government, 29 states and the District of Columbia either introduced new data privacy bills or reintroduced bills from the 2021 legislative session. Among these bills is New Jersey Assembly Bill A505, titled the New Jersey Disclosure and Accountability Transparency Act (NJ DaTA). At the federal level, on June 21, 2022, Representative Frank Pallone (D-NJ) introduced H.R. 8152, the American Data Privacy and Protection Act (ADPPA), which represents the latest attempt at comprehensive federal legislation concerning data privacy and security.

At this point, the fate of the ADPPA and NJ DaTA remains uncertain. However, there are five states with new or amended privacy laws becoming effective in 2023, and if a business engages individuals in any of these five states (as a prospect, customer, vendor, supplier, employee or otherwise), it may have to comply with the requirements of one or more of these state laws. In addition, it is clear there is continued pressure on both federal and state lawmakers to enact laws protecting a consumer’s data privacy rights. Therefore, New Jersey businesses should prepare for the advent of new privacy and security obligations by modifying (or perhaps creating) data collection, processing, and storage policies and practices to ensure compliance with the ever-evolving obligations that come along with one of the business’s most valuable resources—an individual’s personal data.