Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws bring penalties and/or civil relief of 3x damages.

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Breach reporting should be made to the Division of State Police in the Department of Law and Public Safety for investigation or handling, prior to consumer notifications.
  • If a determination is made that notification will not be required, the decision must be documented in writing and maintained for five years.
  • If more than 1,000 persons must be notified about a breach of security, then consumer reporting agencies should be made aware of the breach without unreasonable delay.
  • Specific provisions protect personal information relating to health records and credit card records.
  • Laws cover data protection and data disposal to prevent breaches.
  • Vendors who compile or maintain computerized records must notify the data owners of any breach of personal information immediately following discovery. The data owner is responsible for completing the reporting and consumer notification.
  • If your breach affects residents of other states, you will need to notify those residents under each of those states’ rules.

Statutes and Laws

  • N.J. Rev. Stat. §§ 56:8-161 – 56:8-166 Security of personal information (2005)
  • N.J. Rev. Stat. §§ 56:8-196 – 56:8-198 Restrictions for health insurance carrier relative to certain computerized records (2014)
  • N.J. Rev. Stat. §§ 56:11-17 – 56:11-18 Personal identification information not required for credit card transaction (1990)
  • N.J. Rev. Stat. §§ 56:11-24 – 56:11-27 Credit Card Transactions (1991)
  • N.J. Rev. Stat. §§ 56:11-42 – 56:11-43 Electronic printing of credit card numbers on sales receipts, regulated (2002)
  • N.J. Rev. Stat. §§ 56:11-44 – 56:11-50 Identity Theft Prevention Act (2005)
  • N.J. Rev. Stat. §§ 56:11-53 – 56:11-55 Personal Information and Privacy Protection Act (2017)
