NJ A1401

Bill

Exempts certain personal information and entities from certain requirements concerning notification and disclosure of personal data.

Introduced
01/13/2026

In Committee
01/13/2026

Crossed Over

Passed
01/13/2026

Dead

Signed/Enacted/Adopted
01/13/2026

Introduced Session

2026-2027 Regular Session

Bill Summary

This bill exempts insurance-support organizations and national securities associations from the provisions of current law that require certain entities to notify consumers of collection and disclosure of personal data. Under current law, insurance institutions and other entities are exempt from those requirements. The bill exempts certain data from disclosure requirements under current law, including: (1) information treated like protected health information collected, used, or disclosed by a covered entity or business associate under the "Health Insurance Portability and Accountability Act of 1996" (HIPAA), when the information is used or disclosed in accordance with HIPAA and the information is afforded all the privacy protections and security safeguards of the federal laws and implementing regulations under HIPAA; and (2) human subjects research conducted in accordance with good clinical practice guidelines issued by The International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use. Finally, the bill expands the definition of de-identified data under current law to include data de-identified in accordance with the requirements in HIPAA, where any recipients of that data are contractually prohibited from attempting to reidentify the data.

AI Summary

This bill exempts insurance-support organizations and national securities associations from certain requirements that mandate notification to consumers about the collection and disclosure of their personal data, mirroring existing exemptions for insurance institutions. It also carves out specific types of data from disclosure requirements, including protected health information (PHI) handled under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when used in compliance with HIPAA's privacy and security rules, and data from human subjects research conducted according to international good clinical practice guidelines. Furthermore, the bill expands the definition of "de-identified data," which is information that cannot reasonably be linked back to an individual, to include data de-identified according to HIPAA standards, provided recipients are contractually forbidden from attempting to re-identify it.

Committee Categories

Business and Industry

Sponsors (2)

Cody Miller (D)*, Ellen Park (D)*,

Last Action

Withdrawn Because Approved P.L.2025, c.367. (on 01/13/2026)

Official Document

https://www.njleg.state.nj.us/bill-search/2026/A1401

(2 Companion Bills)

Version:

Document Type	Source Location
State Bill Page	https://www.njleg.state.nj.us/bill-search/2026/A1401
BillText	https://pub.njleg.gov/Bills/2026/A1500/1401_I1.HTM

Bill	Bill Name	Last Action	Type
A5017	Exempts certain personal information and entities from certain requirements concerning notification and disclosure of personal data.	Approved P.L.2025, c.367.	Carry Over
S4259	Exempts certain personal information and entities from certain requirements concerning notification and disclosure of personal data.	Substituted by A5017 (3R)	Carry Over

Bill > A1401

summary

Introduced Session

Bill Summary

AI Summary

Committee Categories

Sponsors (2)

Last Action

Official Document

bill text

bill summary

bill summary

bill summary