Bill > A3609

Introduced Session

This bill expands protections provided under "Daniel's Law," which shields the home addresses and personal information of certain public officials and employees, to include members of the Legislature and municipal court administrators. The bill also requires the Director of the Office of Information Privacy (OIP) in the Department of Community Affairs to establish a secure portal for the purpose of prohibiting disclosure of personal information by private entities. In addition, the bill establishes civil penalties for a private entity's failure to comply with the procedures and requirements established under the bill. Covered Persons Under Daniel's Law New Jersey's "Daniel's Law," P.L.2021, c.371, was enacted to prevent harm by limiting public access to personal information of certain public officials who request protection under the law. Currently, the protections are afforded to active, formerly active, or retired judicial officers, prosecutors, law enforcement officers, child protective investigators, and immediate family members residing in the same household as these individuals. This bill would extend those protections to members of the Legislature and municipal court administrators. Expanded Definitions The bill expands the meaning of certain terms under Daniel's law and establishes and defines several new terms. The new definitions include "covered entity," "covered information," "hashed," "hashed data," "hashed query," "hashing data," "hashed registry," "member of the Legislature," and "municipal court administrator." "Covered entity" is defined under the bill to mean a person, business, or association that discloses or re-discloses on the Internet the covered information of a covered person. "Covered information" means the home address or home telephone number of a covered person. "Municipal court administrator" is defined as a person employed by a county or municipality in accordance with subsection a. of N.J.S.A.2B:12-10 and includes a deputy administrator and acting administrator designated as such in accordance with subsection b. of N.J.S.A.2B:12-10. "Hashed" means the type of value produced by hashing data. "Hashed data" means data that has been hashed. Hashed data also may be referred to as "hash values," "hash codes," or "hashes." "Hashing data" means to input data into a cryptographic, one-way, collision-resistant formula or function that maps a bit string of arbitrary length to a fixed-length bit string to produce a cryptographically secure value. "Hashed query" means a query submitted to a hashed registry. "Hashed registry" means a table or index of hashed data. Under the bill, the definition of "authorized person" is expanded to include, with the covered person's written consent, (1) the covered person's employer; (2) any union, benevolent association, or other labor association in which the covered person is a member or to which the covered person pays dues; (3) or a person designated, in writing, by the covered person to serve as the covered person's agent.Establishment of New Secure Portal Binding on Private Actors Daniel's Law established the OIP, and required the director of the OIP to establish a secure portal for these public servants to apply for redaction protections. This bill requires the director of OIP to establish a separate secure portal for prohibiting the disclosure of personal information by private, covered entities. Specifically, the bill requires the director of OIP to establish:· a process for verifying and authenticating a request submitted by an authorized person for the redaction or nondisclosure of a covered person's covered information from certain records and Internet postings, as provided under current law;· a standard form through which an authorized person may submit or revoke a request for the redaction or nondisclosure of a covered person's covered information from certain records and Internet postings. The form is must:o require an authorized person to submit the covered information;o allow an authorized person to submit or revoke request for the redaction or nondisclosure of the covered information of a single person, or multiple persons on a single form;· reasonable security procedures and practices necessary to protect the information contained in the secure portal from unauthorized access, use, disclosure, destruction, or modification. The director is required to annually evaluate the security procedures and practices, and revise them as the director deems appropriate; and· an initial fee and, thereafter, an annual fee, for a covered entity to access the portal; · and implement procedures for maintaining on the portal independent, searchable registries of each type of covered information; and· a process for a covered entity to certify to the director each date that the covered entity has accessed the registry; the covered information for each covered person for whom the covered entity has processed a request; and each request to protect the covered information for a covered person that was approved by the director and received by the covered entity, but was unable to be processed by the covered entity and the reason the covered entity was unable to process the request. Required Certifications and Penalties The bill requires a covered entity to access the secure portal at least once during each 45-day period to determine whether a request to prevent disclosure of a covered person's covered information has been approved by the director. The bill further requires a covered entity to certify to the director not less than once during each 45-day period:· each date that the covered entity accessed the secure portal;· each covered person for whom the covered entity has processed a request approved by the director; and· each request on behalf of a covered person that was received by a covered entity and approved by the director, but that the covered entity was unable to process and the reason the covered entity was unable to process the request. In addition to any other penalty provided by law, a covered entity that fails to access the secure portal as required under the bill is be subject to a civil penalty in the amount of $200 for each 45-day period that the entity fails to access the portal. Prior to initiating an enforcement action, the Commissioner of the Department of Community Affairs is required to issue a notice to the covered entity of the violation, and provide the covered entity an opportunity to cure the violation within 30 days of the notice. If the covered entity fails to cure the violation within the 30-day period, the commissioner shall initiate an enforcement action.

AI Summary

Committee Categories

Lou Greenwald (D)*, 

Introduced, Referred to Assembly Judiciary Committee (on 01/13/2026)

Official Document