Every business organized or operating in New Jersey must take note of the New Jersey Identity Theft Prevention Act, which took effect on January 1, 2006

Simply stated, the New Jersey Identity Theft Prevention Act (the “Act”) requires New Jersey businesses to destroy all records of personal information and maintain procedures for the ongoing destruction of any personal information obtained by the business. The goal is to dispose of such information once it is no longer needed to make it harder for identity thieves to acquire the information. Although there is no timeline for this destruction, personal information should be destroyed on any computer equipment hosting the information when that equipment is to be disposed of and whenever the relationship with the party providing the information has ended. The Act also requires businesses to notify any individual without delay of a breach of security of their personal information and to stop using Social Security numbers as account identifiers.

    • What kinds of New Jersey businesses are affected? The Act applies to any form of business — sole proprietorships, partnerships, corporations, associations, limited liability companies, and any other form of entity.
  • What constitutes “personal information”? Personal information is a person’s last name and first name (or initial), plus one or more of the following: (i) social security number, (ii) driver’s license number or other state identification card number, or (iii) account information related to debit or credit cards, including any password or access codes.
  • What kinds of records are involved? Paper and electronic records are governed by the Act.
  • How must the information be destroyed? The information must be impaired in such a manner as to make it undecipherable. Simply deleting computerized data is not enough.
  • Whose personal information is affected? The Act applies to anyone providing personal information to a business. Therefore, job applicants, employees, temporary staff, consultants, contractors and agents are all protected under the Act.

Among other things, the Act will require businesses to adjust their document retention policies and train relevant employees to ensure compliance with the Act.

Please do not hesitate to contact us to assist you with your compliance obligations under the Act.

March 2006