In 2020, New Jersey's Daniel's Law was enacted in response to the tragic death of Daniel Anderl, the son of a New Jersey judge. Daniel's Law established a new right for judges, law enforcement officers, certain other state officials, and their immediate family members in the same home to request that both the state government and any person or business stop disclosure of their home address and unpublished home telephone number.
While the law was on the books for four years, starting in January 2024 companies began to receive thousands of requests from individuals via a third-party service, Atlas Data Privacy Corporation. Following these requests and the alleged failure to comply with the law's requirements, Atlas Data Privacy filed more than 100 lawsuits in New Jersey state court on behalf of those individuals.
Below are key provisions of the law and items that all entities that maintain address and phone number information about New Jersey residents should consider.
Key Statutory Provisions and Considerations:
- Definition of "covered persons." The law permits judges, law enforcement officers, child protective investigators, and their immediate family members residing in the same household to make requests.
- Definition of disclosure. Upon a request, a business is required to cease disclosure or re-disclosure on the Internet or "otherwise make available" the covered information. The term "disclosure" is broadly defined to mean to solicit, sell, manufacture, give, provide, lend, trade, mail, deliver, transfer, post, publish, distribute, circulate, disseminate, present, exhibit, advertise, or offer, and shall include making available or viewable within a searchable list or database, regardless of whether a search of such list or database is actually performed.
- Short time for compliance. Entities are required to process a "non-disclosure" request no later than 10 business days following receipt.
- No verification of requests. Unlike state omnibus data privacy laws, Daniel's Law does not explicitly address verification or authentication of rights requests.
- Liability and enforcement. The law is enforced through actual damages (not less than $1,000 of liquidated damages available per violation); punitive damages upon proof of willful or reckless disregard of the law; reasonable attorney's fees and other litigation costs; and any other preliminary and equitable relief the court deems appropriate when an entity fails to honor a request.
- Assignment of claims. The law contains a provision that allows covered persons to assign their claims to a third party, which Atlas Data Privacy has invoked to file hundreds of lawsuits, purportedly on behalf of covered persons.
Any entity that interacts with New Jersey residents should ensure that it monitors its "privacy inbox" for requests under Daniel's Law. They should also review any potentially covered data they hold to determine whether it is disclosed to others and how an opt-out request can be acted upon within the tight window provided by the law. If you have further questions about Daniel's Law, please contact Venable's Privacy and Data Security team.
About Venable: Venable's Privacy and Data Security Practice Group has extensive experience counseling clients on obligations under novel state privacy laws. Please feel free to reach out to us if you would like to learn more about state privacy laws' applicability to your organization or what you can do to assess your compliance posture with respect to these new laws.