Bill > A4093

This bill requires any person or business entity that owns or licenses personal information about a resident of the State to establish and maintain a comprehensive information security program. This program must include administrative, technical, and physical safeguards appropriate to the business's size, resources, and the amount of data it handles, and must be designed to protect the confidentiality and integrity of personal information. Key components of the program include designating employees to oversee security, identifying and assessing risks, providing employee training, implementing security policies for remote work, imposing disciplinary measures for violations, preventing terminated employees from accessing data, overseeing service providers through contracts and due diligence, restricting physical access to records, regularly monitoring systems, annually reviewing security measures, and documenting responses to security incidents. For electronic data, the program must also include secure user authentication, access controls, encryption of data transmitted wirelessly or over public networks, encryption of data on laptops and portable devices, firewall protection, up-to-date security software, and employee education on computer security. Violating these provisions will be considered an unlawful practice under the consumer fraud act, punishable by monetary penalties, cease and desist orders, and potential damages for those harmed.

Business and Industry

https://www.njleg.state.nj.us/bill-search/2026/A4093