NJ S1354

Bill

NJ S1354

Requires controller or processor to de-identify personal data and prohibits re-identification of de-identified data.

Introduced
01/13/2026

In Committee
01/13/2026

Crossed Over

Passed

Dead

Introduced Session

2026-2027 Regular Session

Bill Summary

This bill amends current law on the sale or processing of personal data to provide that a controller or processor of personal data is required to de-identify personal data before sale. The bill also prohibits a controller or processor from (1) re-identifying de-identified data before or after the sale of personal data that has been previously de-identified; (2) providing a third party the means to re-identify personal data after the sale of de-identified data to the third party; or (3) engaging a third party to re-identify de-identified data before or after the sale of the de-identified data. Pursuant to the bill, "re-identify" means to link de-identified data to an identified or identifiable individual, or a device linked to such an individual. The bill requires the Director of the Division of Consumer Affairs (director) in the Department of Law and Public Safety to establish standards for the de-identification of personal data. The bill also permits the director to allow exceptions to the requirements of de-identification or prohibitions on re-identification, provided that: (1) the director expects any exception to benefit the public; and (2) any exception is limited to the purpose of medical studies or the purpose of preventing or alleviating environmental hazards.

AI Summary

This bill requires that any entity that controls or processes personal data (a "controller" or "processor") must first de-identify it before selling it, meaning they must remove any information that could reasonably be used to identify an individual. It also strictly prohibits these entities from re-identifying de-identified data, either themselves or by providing others with the means to do so, with "re-identify" meaning to link de-identified data back to a specific person or their device. The Director of the Division of Consumer Affairs will establish standards for de-identification and can grant limited exceptions for medical studies or to prevent environmental hazards, provided these exceptions benefit the public. This legislation aims to enhance privacy protections for personal data by preventing its unauthorized re-identification after it has been anonymized for sale.

Committee Categories

Business and Industry

Sponsors (1)

Joe Pennacchio (R)*,

Last Action

Introduced in the Senate, Referred to Senate Commerce Committee (on 01/13/2026)

Official Document

https://www.njleg.state.nj.us/bill-search/2026/S1354

(2 Companion Bills)

Version:

Document Type	Source Location
State Bill Page	https://www.njleg.state.nj.us/bill-search/2026/S1354
BillText	https://pub.njleg.gov/Bills/2026/S1500/1354_I1.HTM

Bill	Bill Name	Last Action	Type
A4741	Requires controller or processor to de-identify personal data and prohibits re-identification of de-identified data.	Introduced, Referred to Assembly Science, Innovation and Technology Committee	Carry Over
S4315	Requires controller or processor to de-identify personal data and prohibits re-identification of de-identified data.	Introduced in the Senate, Referred to Senate Commerce Committee	Carry Over

Bill > S1354

summary

Introduced Session

Bill Summary

AI Summary

Committee Categories

Sponsors (1)

Last Action

Official Document

bill text

bill summary

bill summary

bill summary