Shostack + Friends Blog Archive


New Jersey's breach law

New Jersey’s breach notification law went into effect in mid-December 2005. Like New York’s, it requires that a state entity be notified, in addition to the persons whose info was exposed:

c. (1) Any business or public entity required under this section to disclose a breach of security of a customer’s personal information shall, in advance of the disclosure to the customer, report the breach of security and any information pertaining to the breach to the Division of State Police in the Department of Law and Public Safety for investigation or handling, which may include dissemination or referral to other appropriate law enforcement entities.

NJ’s Breach Notice Law
Ah. Unlike New York’s law, New Jersey’s makes that entity the State Police. NJ doesn’t consider information “for use by any law enforcement agency in this State or any other state or federal law enforcement agency” to be a government record, so perhaps the required notices needn’t be released (IANAL).