惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
Security Latest
Security Latest
P
Privacy International News Feed
T
Threat Research - Cisco Blogs
H
Help Net Security
T
The Exploit Database - CXSecurity.com
Know Your Adversary
Know Your Adversary
博客园_首页
S
Securelist
S
Schneier on Security
G
GRAHAM CLULEY
Cisco Talos Blog
Cisco Talos Blog
V
Visual Studio Blog
博客园 - 叶小钗
C
Cybersecurity and Infrastructure Security Agency CISA
有赞技术团队
有赞技术团队
Recent Announcements
Recent Announcements
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Microsoft Azure Blog
Microsoft Azure Blog
A
About on SuperTechFans
博客园 - 三生石上(FineUI控件)
Stack Overflow Blog
Stack Overflow Blog
量子位
L
Lohrmann on Cybersecurity
Hugging Face - Blog
Hugging Face - Blog
Engineering at Meta
Engineering at Meta
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
P
Privacy & Cybersecurity Law Blog
Simon Willison's Weblog
Simon Willison's Weblog
S
SegmentFault 最新的问题
The Hacker News
The Hacker News
罗磊的独立博客
博客园 - 司徒正美
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
K
Kaspersky official blog
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
L
LINUX DO - 热门话题
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
V2EX
V
Vulnerabilities – Threatpost
AWS News Blog
AWS News Blog
小众软件
小众软件
Project Zero
Project Zero

Privacy & Cybersecurity Law Blog

CISA Plans to Finalize Cyber Incident Reporting Regulations in September 2026 Illinois Governor Signs Frontier AI Model Law New Hampshire Amends the NHDPA to Prohibit the Sale of Children’s Personal Data Canada’s Proposed Social Media Ban for Children and Chatbot Regulation: Bill C-34’s Impact on Platforms European Commission Unveils Cybersecurity and AI Action Plan European Commission Refers Four Member States to CJEU Over NIS2 Transposition Delays EDPB Opens Public Consultation on New Personal Data Breach Notification Template European Commission Advances New Proposal to Expand Cloud Capacity and AI Infrastructure U.S. Supreme Court FTC Ruling Prompts Fresh Scrutiny of EU-U.S. Data Privacy Framework China Issues New Measures for Network Data Security Risk Assessment China Issues Regulations on Internet Content Multi-Channel Network Distribution Services China’s First Regulatory Framework for Virtual Companions Soon to Take Effect UK Data Protection Complaints Obligations Take Effect Vermont Enacts Significant Amendments to Data Broker Legislation Vermont Becomes 23rd State with Comprehensive Consumer Privacy Law Louisiana Enacts Comprehensive Consumer Privacy Law Connecticut Signs Comprehensive AI Bill into Law China CAC Issues Guidance on Conducting Audits Technology Companies Should Prepare for FTC Enforcement of Take It Down Act HHS Reorganizes Office for Civil Rights Oregon Prohibition on Public Body Disclosures to Data Brokers for Federal Immigration Purposes Now In Effect Connecticut Privacy Law Updates: Data Broker Rules, Geolocation Sale Ban, Surveillance Pricing Restrictions, and Genetic Data Regulations NYDFS Warns of Cybersecurity Risks from Frontier AI Models UK and Australia Announce Memorandum of Understanding on AI Security FTC Announces Settlements With Three Marketing Firms Over Allegations of Deceptive Statements About Active Listening AI-Powered Services Cybersecurity Authorities Issue Joint Guidance on the Adoption of Agentic AI Systems Colorado AI Act Amended and Effective Date Delayed European Commission Releases Draft Guidelines on High-Risk AI Under the EU AI Act Texas AG Announces Lawsuit Against Netflix for Alleged Misrepresentations Regarding User Data UK ICO Recommends Targeted Changes to PECR Rules for Online Advertising California AG Announces Record $12.75M Settlement with GM over CCPA Data Minimization and Purpose Limitation Violations Illinois Department of Human Rights Issues Regulations Governing the Use of AI in Employment Decisions Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response Maryland Enacts First-of-its-Kind Ban on Surveillance Pricing for Grocery Sales UK ICO Publishes Guidance on Storage and Access Technologies CIPL Report Discusses Significant Alignment between GDPR and Global CBPR CalPrivacy Announces the Agenda for its April 30–May 1 Board Meeting CalPrivacy Requests Preliminary Comments on Notices & Disclosures, Employee Data COPPA Rule Amendment Compliance Deadline Approaches House Republicans Introduce Comprehensive Federal Privacy Bill: “SECURE Data Act” Kentucky Classifies Smart TV Data as Sensitive Alabama Becomes 21st State With Comprehensive Consumer Privacy Law CalPrivacy Director Expects CCPA Compliance Audits in 2026 Virginia Bans Sale of Geolocation Data HHS’ Office for Civil Rights Settles HIPAA Investigation of Health Care Software Company New Jersey Enacts New Restrictions on Health Care Facilities’ Use of Patient Data Washington State Enacts Law Regulating AI Companion Chatbots with Private Right of Action Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
New Jersey Adopts New Data Broker Registration Regime and Sensitive Data Sale and Licensing Restrictions
2026-07-17 · via Privacy & Cybersecurity Law Blog

New Jersey Adopts New Data Broker Registration Regime and Sensitive Data Sale and Licensing Restrictions

On June 30, 2026, New Jersey Governor Mikie Sherrill signed into law A.5328 (“the Act”), requiring data brokers and data collectors to register annually, pay a fee, make specified disclosures, and refrain from selling or licensing sensitive data.

The law took effect immediately, with the exception of provisions requiring the New Jersey Division of Consumer Affairs to establish and maintain a public registry of covered data brokers and collectors, which remain inoperative for 270 days after enactment. On July 10, the Division announced that the initial registration period for covered data brokers and data collectors will run from April 1 through June 30, 2027, and that it will provide additional guidance before that period begins.

The law creates requirements for both “data brokers” and “data collectors:”

  • A “data broker” is a person or legal entity that knowingly collects or purchases the personal data of a consumer with whom it does not have a direct relationship and sells or licenses that data to a third party.
  • A “data collector” is a business, or a unit of a business, that knowingly collects the personal data of a consumer with whom it has a direct relationship and sells or licenses that personal data to a data broker.

As a result, the law may apply not only to traditional data brokers, but also to entities that sell or license personal data obtained through a direct consumer relationship, if that data is sold to data brokers. In addition to registration and annual fee requirements, data brokers and data collectors must disclose certain information as part of the registration process and, like controllers (discussed further below), are prohibited from selling or licensing sensitive data subject to applicable statutory exemptions.

The law establishes an annual registration fee structure based on the number of New Jersey consumers whose personal data a data broker sells or licenses, or whose personal data a data collector collects and sells or licenses to a data broker. Fees start at $5,000 annually for 100,000 consumers or fewer and increase to $1.5 million annually for more than 4.5 million consumers.

The law also creates significant penalties for noncompliance. A data broker or data collector that fails to register or pay the required registration fee is liable for the unpaid registration fees for each applicable year, plus a civil penalty of $2,500 for each day of noncompliance. Failure to submit or update required registration information likewise carries a civil penalty of $2,500 per day. A data broker, controller, or data collector that unlawfully sells, offers for sale, or licenses sensitive data is liable for a civil penalty of $50,000 per record.

The law also amends New Jersey’s comprehensive privacy law to prohibit controllers from selling sensitive data. The statute defines sensitive data to include personal data revealing racial or ethnic origin, religious beliefs, mental or physical health condition, treatment, or diagnosis, certain financial information, sex life or sexual orientation, citizenship or immigration status, transgender or nonbinary status, genetic or biometric data used to uniquely identify an individual, personal data collected from a known child, and precise geolocation data. The law does not include a consent-based exception to this prohibition, and the prohibition applies to all individuals and legal entities regardless of the number of consumers whose data the individual or entity controls or processes.