Back to New Jersey

A2067 • 2026

Requires disclosure of breach of security of geolocation data.

Requires disclosure of breach of security of geolocation data.

Technology
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Carter, Linda S.
Last action
2026-01-13
Official status
Introduced, Referred to Assembly Science, Innovation and Technology Committee
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Requires disclosure of breach of security of geolocation data.

Requires disclosure of breach of security of geolocation data.

What This Bill Does

  • Requires disclosure of breach of security of geolocation data.
  • Topic: Science, Innovation and Technology Fiscal note: This bill has not been certified by OLS for a fiscal note.

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2026-01-13 New Jersey Legislature

    Introduced, Referred to Assembly Science, Innovation and Technology Committee

Official Summary Text

Requires disclosure of breach of security of geolocation data.
Topic:
Science, Innovation and Technology
Fiscal note:
This bill has not been certified by OLS for a fiscal note.

Current Bill Text

Read the full stored bill text
A2067

ASSEMBLY, No. 2067

STATE OF NEW JERSEY

222nd LEGISLATURE

�

PRE-FILED FOR INTRODUCTION IN THE 2026 SESSION

Sponsored by:

Assemblywoman LINDA S. CARTER

District 22 (Somerset and Union)

Assemblyman CLINTON CALABRESE

District 36 (Bergen and Passaic)

Assemblyman WILLIAM W. SPEARMAN

District 5 (Camden and Gloucester)

SYNOPSIS

���� Requires disclosure of breach of security of
geolocation data.

CURRENT VERSION OF TEXT

���� Introduced Pending Technical Review by Legislative
Counsel.

��

An Act

concerning disclosure of breaches of security
and amending P.L.2005, c.226.

����
Be It
Enacted
by the Senate and General Assembly of
the State of New Jersey:

1.

Section 10 of
P.L.2005, c.226 (C:56:8-161) is amended to read as follows:

���� 10.� As used in sections 10
through 15 of
[
this
amendatory and supplementary act
]

P.L.2005, c.226 (C.56:8-161 through C.56:8-166)
:

���� "Breach of security"
means unauthorized access to electronic files, media or data containing
personal information that compromises the security, confidentiality or
integrity of personal information when access to the personal information has
not been secured by encryption or by any other method or technology that
renders the personal information unreadable or unusable.� Good faith
acquisition of personal information by an employee or agent of the business for
a legitimate business purpose is not a breach of security, provided that the
personal information is not used for a purpose unrelated to the business or
subject to further unauthorized disclosure.

���� "Business" means a
sole proprietorship, partnership, corporation, association, or other entity,
however organized and whether or not organized to operate at a profit,
including a financial institution organized, chartered, or holding a license or
authorization certificate under the law of this State, any other state, the
United States, or of any other country, or the parent or the subsidiary of a
financial institution.

���� "Communicate" means
to send a written or other tangible record or to transmit a record by any means
agreed upon by the persons sending and receiving the record.

���� "Customer" means an
individual who provides personal information to a business.

����
"Geolocation"
means the location of an individual, determined by the location of an
electronic device, including, but not limited to, a cellular phone, computer,
or tablet.

���� "Individual" means a
natural person.

���� "Internet" means the
international computer network of both federal and non-federal interoperable
packet switched data networks.

���� "Personal
information" means an individual's first name or first initial and last
name linked with any one or more of the following data elements:� (1) Social
Security number; (2) driver's license number or State identification card
number;
[
or
]
(3) account

number or credit or debit card
number, in combination with any required security code, access code, or
password that would permit access to an individual's financial account
; or
(4) geolocation
.� Dissociated data that, if linked, would constitute
personal information is personal information if the means to link the
dissociated data were accessed in connection with access to the dissociated
data.

���� For the purposes of sections
10 through 15 of
[
this
amendatory and supplementary act
]

P.L.2005, c.226 (C.56:8-161 through C.56:8-166)
, personal information
shall not include publicly available information that is lawfully made
available to the general public from federal, state or local government
records, or widely distributed media.

���� "Private entity"
means any individual, corporation, company, partnership, firm, association, or
other entity, other than a public entity.

���� "Public entity"
includes the State, and any county, municipality, district, public authority,
public agency, and any other political subdivision or public body in the
State.� For the purposes of sections 10 through 15 of
[
this
amendatory and supplementary act
]

P.L.2005, c.226 (C.56:8-161 through C.56:8-166)
, public entity does not
include the federal government.

���� "Publicly post" or
"publicly display" means to intentionally communicate or otherwise
make available to the general public.

���� "Records" means any
material, regardless of the physical form, on which information is recorded or
preserved by any means, including written or spoken words, graphically
depicted, printed, or electromagnetically transmitted.� Records does not include
publicly available directories containing information an individual has
voluntarily consented to have publicly disseminated or listed.

(cf: P.L.2005, c.226, s.10)

���� 2.��� This act shall take
effect on the 90th day next following enactment.

STATEMENT

���� This bill requires entities
that compile or maintain computerized records that include geolocation data to
disclose to consumers breaches of security of geolocation information.�

���� Under current law, businesses
and public entities are required to disclose breaches that involve personal
information.� Under current law, �personal information� is defined as an
individual's first name or first initial and last name linked with any one or
more of the following data elements: Social Security number; driver�s license
number, or credit or debit card number, in combination with any required
security code, access code, or password that would permit access to an individual�s
financial account. The bill adds geolocation data to the definition of
�personal information� so that a breach of geolocation data would require
businesses and public entities to disclose the breach to consumers.