ASSEMBLY, No. 2794
STATE OF NEW JERSEY
217th LEGISLATURE
INTRODUCED FEBRUARY 8, 2016
Sponsored by:
Assemblyman JOSEPH A. LAGANA
District 38 (Bergen and Passaic)
Assemblyman PAUL D. MORIARTY
District 4 (Camden and Gloucester)
Assemblyman RAJ MUKHERJI
District 33 (Hudson)
Assemblywoman JOANN DOWNEY
District 11 (Monmouth)
Co-Sponsored by:
Assemblywoman Rodriguez-Gregg, Assemblyman Howarth, Assemblywoman Pinkin, Assemblymen McKeon and Houghtaling
SYNOPSIS
“Personal Information and Privacy Protection Act”; restricts collection and use of personal information by retail establishments for certain purposes.
CURRENT VERSION OF TEXT
As reported by the Assembly Consumer Affairs Committee on May 11, 2017, with amendments.
An Act concerning the collection of certain personal information and supplementing Title 56 of the Revised Statutes.
Be It Enacted by the Senate and General Assembly of the State of New Jersey:
1. This act shall be known and may be cited as the “Personal Information and Privacy Protection Act.”
2. a. For the purposes of this section:
“Identification card” means a driver’s license, issued pursuant to R.S.39:3-10, a probationary license, issued pursuant to section 4 of P.L.1950, c.127 (C.39:3-13.4), a non-driver photo identification card, issued pursuant to section 2 of P.L.1980, c.47 (C.39:3-29.3), or any similar card issued by another state or the District of Columbia for purposes of identification or permitting its holder to operate a motor vehicle.
“Scan” means to access the barcode or any other machine-readable section of a person’s identification card with an electronic device capable of deciphering, in an electronically readable format, information electronically encoded on the identification card.
b. A retail establishment shall scan a person’s identification card only for the following purposes:
(1) to verify the authenticity of the identification card or to verify the identity of the person if the person pays for goods or services with a method other than cash, returns an item, or requests a refund or an exchange;
(2) to verify the person’s age when providing age-restricted goods or services to the person;
(3) to prevent fraud or other criminal activity if the person returns an item or requests a refund or an exchange and the business uses a fraud prevention service company or system;
(4) to establish or maintain a contractual relationship;
(5) to record, retain, or transmit information as required by State or federal law;
(6) to transmit information to a consumer reporting agency, financial institution, or debt collector to be used as permitted by the federal "Fair Credit Reporting Act," 15 U.S.C. s.1681 et seq., “Gramm-Leach-Bliley Act,” 15 U.S.C. s.6801 et seq., and the "Fair Debt Collection Practices Act," 15 U.S.C. s.1692 et seq.; or
(7) to record, retain, or transmit information by a covered entity governed by the medical privacy and security rules pursuant to Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the “Health Insurance Portability and Accountability Act of 1996,” Pub.L.104-191.
c. Information collected by scanning a person’s identification card pursuant to subsection b. of this section shall be limited to the person’s name, address, date of birth, 1the State issuing the identification card,1 and identification card number.
d. (1) No retail establishment shall retain information obtained pursuant to paragraphs (1) and (2) of subsection b. of this section.
(2) Any information retained by a retail establishment pursuant to paragraphs (3) through (7) of subsection b. of this section shall be securely stored, and any breach of the security of the information shall be promptly reported to the Division of State Police in the Department of Law and Public Safety and any affected person, in accordance with section 12 of P.L.2005, c.226 (C.56:8-163).
(3) No retail establishment shall sell or disseminate to a third party any information obtained pursuant to this section for any purpose, including marketing, advertising, or promotional activities, except dissemination as permitted by paragraphs (3) through (7) of subsection b. of this section 1; provided, however, that nothing in this subsection shall be construed to prevent an automated return fraud system from issuing a reward coupon to a loyal customer1.
3. a. Any person who violates the provisions of this act shall be subject to a civil penalty of $2,500 for a first violation and $5,000 for any subsequent violation. The penalty prescribed in this section shall be collected in a civil action by a summary proceeding pursuant to the "Penalty Enforcement Law of 1999," P.L.1999, c.274 (C.2A:58-10 et seq.).
b. In addition to the penalties described in this section, any person aggrieved by a violation of this act may bring an action in Superior Court to recover damages.
4. This act shall take effect on the first day of the third month next following the date of enactment.