New Jersey Creates New Data Privacy & Cybersecurity Enforcement Unit
June 28, 2018
The Office of the Attorney General Recently Announced the Creation of a New Unit, the Data Privacy & Cybersecurity Section
New Jersey is stepping up its cyber enforcement. The Office of the Attorney General recently announced the creation of a new unit, the Data Privacy & Cybersecurity (DPC) Section, which is tasked with protecting the online privacy of New Jersey residents.
Increase in Data Breaches Impacting New Jerseyans
Under New Jersey’s Identity Theft Prevention Act, any business that operates in New Jersey or any public entity that compiles or maintains computerized records that include personal information must report a breach of security to the State Police. The impacted entity must also notify affected individuals who are New Jersey residents and whose personal information was or believed to have been accessed by an unauthorized person.
Last year, the New Jersey Attorney General’s Office and the State Police published the state’s first annual data breach report. The report revealed that more than 116,000 New Jersey residents fell victim to 676 data breaches reported in 2016. Such incidents are expected to increase. Most recently, Facebook’s transfer of personal information to Cambridge Analytica impacted approximately 1.6 million users in New Jersey.
New Data Privacy & Cybersecurity Section
To address mounting cyber and data privacy threats, New Jersey has joined a growing number of states that are enhancing regulatory oversight. According to a press statement by the Office of the New Jersey Attorney General (AG’s Office), the new DPC Section will be housed within the Division of Law’s Affirmative Civil Enforcement Practice Group. The Section will be staffed by Division of Law attorneys whose specific charge will be to enforce laws that protect New Jersey residents’ data privacy and cybersecurity by bringing affirmative civil actions against violators. The DPC Section will also be tasked with providing legal advice to the State’s Executive Branch agencies on compliance with cyber-related state and federal laws and standards.
Attorneys assigned to the DPC Section will collaborate with State Police, the Division of Consumer Affairs, and other state agencies in managing investigations and bringing related civil litigation when New Jersey residents are victimized by data breaches and the unauthorized collection, use, and dissemination of their personal information. The new unit has already been assigned to oversee the state’s investigation into Facebook’s data privacy lapses.
“The Attorney General’s Office has long played a role in protecting our residents from cyber threats, but given recent developments, we realized that we needed to double down on those efforts,” said Attorney General Grewal. “That’s why we are creating a new unit of attorneys dedicated to enforcing data privacy and cybersecurity laws. This unit will be tasked with making sure that we’re looking out for the interests of New Jersey’s residents whenever there’s a major data breach or improper use of customers’ online information.”
The creation of the new unit signals that an uptick in data privacy and cybersecurity investigations is likely on the horizon. New Jersey businesses should evaluate their current cyber policies and procedures to verify that they will be able to withstand additional scrutiny.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouse Watch – Where Technology, Politics, and Privacy Collide (http://ewhwblog.com).