New Jersey DATA Act

What is the New Jersey DATA Act?


The New Jersey Disclosure and Accountability Transparency Act (NJ DaTA) is a recently enacted data privacy law in New Jersey, that is effective from January 2025. The law aims to strengthen individual privacy rights and ensure transparency and accountability in how businesses handle personal data of residents.

This law applies to businesses that conduct business in New Jersey and either:

  • Process the personal data of at least 100,000 New Jersey residents (excluding employee data) or

  • Derive over 50% of gross revenue from selling personal data and process the data of at least 25,000 New Jersey residents.

The rights granted to consumers under NJ DaTA are:

  • Right to know about processing activities — Individuals can receive information about how their personal data is used and the potential risks associated with such processing.
  • Right to access and correct personal data — Individuals can request access to their personal data held by businesses and have it corrected if inaccurate or incomplete.
  • Right to delete personal data — Individuals can request deletion of their personal data under certain circumstances.
  • Right to opt out of the sale of personal data — Individuals can opt out of having their personal data sold to third parties.
  • Right to opt-out of targeted advertising and sale of data — Individuals can opt out of having their personal data used for targeted advertising or data being sold.

What are the obligations for businesses under NJ DATA?

  • Implement reasonable security measures to protect personal data.
  • Conduct data protection assessments for high-risk processing activities.
  • Obtain informed consent for collecting and using sensitive data.
  • Respond to consumer requests within a reasonable timeframe.
  • Disclose data collection and processing practices in a clear and accessible privacy notice.

MergeBase and New Jersey DATA Act


We comply with all the requirements set out in any US privacy law, including the one of the State of New Jersey, even though none apply to us due to the thresholds for applicability.


How Can MergeBase Help You Comply with the New Jersey DATA Act?


The first and most important step for you is to determine the most appropriate data security measures you need to implement. Once you determine them, you’ll choose the right tools, and this is where MergeBase can help.

The three most important ways MergeBase can support you in complying with the New Jersey privacy law include:

  • Vulnerability management — MergeBase proactively identifies and prioritizes vulnerabilities within open-source components used in applications processing personal data. These vulnerabilities can be exploited for unauthorized access, disclosure, or alteration, violating NJ DaTA’s security requirements.

  • Continuous monitoring — Ongoing vulnerability scanning helps companies stay ahead of potential threats and address them promptly, demonstrating continuous efforts toward robust data security.

  • Patch management integration — MergeBase reports can be integrated with patch management tools for faster vulnerability patching, reducing the window of vulnerability for personal data.