SENATE, No. 2948

STATE OF NEW JERSEY

216th LEGISLATURE

INTRODUCED MAY 18, 2015

Sponsored by:

Senator  LORETTA WEINBERG

District 37 (Bergen)

SYNOPSIS

     Requires online data brokers to establish accountability and transparency measures for collection and use of personal information.

CURRENT VERSION OF TEXT

     As introduced.

An Act concerning online data brokers and personal information and supplementing Title 56 of the Revised Statutes.

     Be It Enacted by the Senate and General Assembly of the State of New Jersey:

     1.    This act shall be known and may be cited as the "New Jersey Data Broker Accountability and Transparency Act."

     2.    As used in P.L.    , c.    (C.        ) (pending before the Legislature as this bill):

     "Division" means the Division of Consumer Affairs in the Department of Law and Public Safety.

     "Online data broker" means a commercial entity that collects or maintains the personal information of a subject individual who is a resident of this State and not a customer or employee of that entity, for the purposes of selling the personal information over the Internet.

     "Personal information" means any information that identifies, relates to, describes, or is associated with, a subject individual, including, but not limited to, the subject individual's name, signature, social security number, physical characteristics, address, cellular or telephone number, passport number, driver's license or State identification card number, insurance policy number, education, employment, bank account number, credit or debit card number, or any other financial, medical, or health insurance information. "Personal information" shall not include information that is lawfully made available to the general public from federal, State, or local government records.

     "Subject individual" means the person to whom the personal information pertains.

     "Written" means documentation in writing, and includes facsimile, telegraph, electronic mail, and other forms of electronic communication.

     3.    a.  An online data broker that sells or offers for sale the personal information of any resident of this State shall:

     (1)   establish reasonable procedures, pursuant to rules and regulations adopted by the division pursuant to section 6 of P.L.    , c.    (C.        ) (pending before the Legislature as this bill), to ensure the maximum possible accuracy of the personal information it collects or maintains; and

     (2)   permit a subject individual to correct or review the subject individual's personal information either by submitting a written request or by means of an electronic search through a secure online system, pursuant to rules and regulations adopted by the division pursuant to section 6 of P.L.    , c.    (C.        ) (pending before the Legislature as this bill).

     b.    An online data broker may collect or maintain information that may be inaccurate with respect to a subject individual if that information is being collected or maintained solely for the purpose of:

     (1)   indicating whether there may be a discrepancy or irregularity in the personal information;

     (2)   helping to identify or to authenticate the identity of a subject individual; or

     (3)   helping to protect against or investigate fraud or other unlawful conduct.

     4.    a.  An online data broker shall clearly and conspicuously post a notice on its Internet website, which shall include specific instructions for a subject individual to permanently remove personal information from the online data broker's database, by making a written demand to have the information removed, in a manner consistent with the rules and regulations adopted by the division pursuant to section 6 of P.L.    , c.    (C.        ) (pending before the Legislature as this bill).

     b.    An online data broker that receives a written demand from a subject individual pursuant to subsection a. of this section shall remove the subject individual's personal information from public display on the Internet within 10 days of delivery of the written demand, and shall ensure that the information is not reposted on the same Internet website, a subsidiary site, or any other Internet website owned, controlled, or maintained by the online data broker receiving the written demand. The online data broker shall not transfer the subject individual's personal information to any other person, business, or association after receiving a subject individual's written demand.

     5.    a.  It shall be an unlawful practice and a violation of P.L.1960, c.39 (C.56:8-1 et seq.) for an online data broker to solicit or accept the payment of a fee or other consideration to review or permanently remove personal information from the online data broker's database.  Each payment solicited or accepted in violation of this section shall constitute a separate violation.

     b.    In addition to any other sanction, penalty, or remedy provided by law, a subject individual may bring a civil action in any court of competent jurisdiction against any person in violation for damages as a result of a violation of P.L.    , c.    (C.        ) (pending before the Legislature as this bill), along with costs, reasonable attorney's fees, and any other legal or equitable relief.

     6.    The division shall adopt rules and regulations necessary to effectuate the purposes of P.L.    , c.    (C.        ) (pending before the Legislature as this bill) pursuant to the "Administrative Procedure Act," P.L.1968, c.410 (C.52:14B-1 et seq.).  The rules and regulations shall include, but not be limited to: reasonable procedures for an online data broker to follow to ensure the maximum possible accuracy of the personal information it collects or maintains; the manner in which an online data broker is to clearly and conspicuously post a notice on its Internet website with instructions for permanently removing personal information from the online data broker's database; and the manner in which a subject individual may correct or review the subject individual's personal information.

     7.    This act shall take effect immediately.

STATEMENT

     This bill establishes the "New Jersey Data Broker Accountability and Transparency Act."  The bill requires an online data broker that sells the personal information of any resident of New Jersey to establish reasonable procedures to ensure the maximum possible accuracy of the personal information it collects or maintains.  The bill permits an online data broker to collect or maintain information that may be inaccurate for the purposes of helping to identify or protect against instances of fraud or unlawful conduct.

     This bill permits an individual to review and correct his or her personal information. The bill requires an online data broker to clearly and conspicuously post a notice on its Internet website that includes specific instructions for an individual to permanently remove his or her personal information from the online data broker's database by making a written demand to have the information permanently removed.

     The bill requires an online data broker that receives a written demand from an individual pursuant to this bill to remove the individual's personal information from public display on the Internet and to take specified additional steps to ensure that the information is not reposted.

     Under the bill, it is an unlawful practice subject to penalties provided in N.J.S.A.56:8-1 et seq. for an online data broker to solicit or accept the payment of a fee or other consideration to review or permanently remove personal information from the online data broker's database.  Under N.J.S.A.56:8-1 et seq., in addition to any other penalty provided by law, violators are liable to a penalty of not more that $10,000 for the first offense and not more than $20,000 for the second and each subsequent offense.  Further, violators are liable to a penalty of not more than $10,000 if the violator knew or should have known that the victim is a senior citizen or a person with a disability and a penalty of not more than $30,000 if the violation was part of a scheme, plan, or course of conduct directed at senior citizens or persons with disabilities.  The bill authorizes an individual to bring a civil action as a result of a violation of the bill's provisions.