

NJ S3412

Requires certain persons and business entities to maintain comprehensive information security program.



Introduced: 12/19/2022
In Committee: 12/19/2022
Crossed Over: -
Passed: -
Dead: 01/08/2024

Introduced Session

2022-2023 Regular Session

Bill Summary

This bill requires any person, corporation, association, partnership or other legal entity that owns or licenses personal information about a resident of this State to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are necessary to protect the personal information. The definition of "person" means a natural person, corporation, association, partnership or other legal entity, other than an agency, department, board, commission, bureau, division or authority of the State or any political subdivision thereof. It also includes, but is not limited to, a financial service firm, investment firm, and digital asset business. "Person" does not include certain insured depository institutions, insured credit unions, and financial institutions or affiliates of a financial institution. The bill provides that it would be an unlawful practice under the consumer fraud act, P.L.1960, c.39 (C.56:8-1 et seq.), to willfully, knowingly or recklessly violate the provisions of the bill. An unlawful practice is punishable by a monetary penalty of not more than $10,000 for a first offense and not more than $20,000 for any subsequent offense. Additionally, a violation can result in cease and desist orders issued by the Attorney General, the assessment of punitive damages, and the awarding of treble damages and costs to those injured as a result of the violation.

AI Summary

This bill requires any person, corporation, association, partnership, or other legal entity that owns or licenses personal information about a New Jersey resident to develop, implement, and maintain a comprehensive information security program. The program must include administrative, technical, and physical safeguards to protect the personal information, such as designating employees to oversee the program, identifying and assessing risks, and implementing security measures like access controls, encryption, and employee training. The bill also establishes that willfully, knowingly, or recklessly violating its provisions is an unlawful practice under the consumer fraud act, punishable by monetary penalties and other remedies.

Committee Categories

Business and Industry

Sponsors (2)

Last Action

Introduced in the Senate, Referred to Senate Commerce Committee (on 12/19/2022)
