The Office of the New Jersey Attorney General (AG’s Office) recently announced that it will be creating a new civil enforcement unit, known as the Data Privacy & Cybersecurity Section (DPC Section), to investigate data breaches impacting New Jersey residents and to enforce federal and state data privacy and cybersecurity laws. New Jersey’s AG joins an expanding list of state AGs, including those of California, Connecticut, Indiana, Maryland, Massachusetts, New York, and North Carolina, who are dedicating more resources to data breach investigation and enforcement actions.
According to the announcement, the AG’s Office is creating the DPC Section in response to growing threats to the online privacy of New Jersey residents and in light of recent high-profile data breaches. The DPC Section will be comprised of attorneys from the Office of the Attorney General’s Law Division who will collaborate with state agencies, including the New Jersey State Police and the Division of Consumer Affairs, in investigating incidents and bringing lawsuits related to data breaches that impact New Jersey residents. In addition to civil investigation and enforcement actions, the DPC Section will be responsible for providing guidance to other branches of New Jersey’s government on privacy and cybersecurity issues.
The creation of the DPC Section signals that there will likely be more interest in and, importantly, more investigations of data privacy and security incidents by the New Jersey AG’s Office. Companies should be prepared to receive more inquiries, and potentially civil investigative demands, from the AG’s Office following breaches involving the data of New Jersey residents.