TRENTON, NJ – Responding to growing threats to the online privacy of New Jersey’s residents, Attorney General Gurbir S. Grewal announced Monday that he’ll create a new civil enforcement unit, known as the Data Privacy & Cybersecurity (DPC) Section, within his office.
This new section will be housed within the Division of Law’s Affirmative Civil Enforcement Practice Group. The Section will be staffed by Division of Law attorneys whose specific charge will be to enforce laws that protect New Jersey residents’ data privacy and cybersecurity by bringing affirmative civil actions against violators. Another role of the Section will be to provide legal advice to the State’s Executive Branch agencies on compliance with cyber-related state and federal laws and standards.
“The Attorney General’s Office has long played a role in protecting our residents from cyber threats, but given recent developments, we realized that we needed to double down on those efforts,” said Attorney General Grewal. “That’s why we are creating a new unit of attorneys dedicated to enforcing data privacy and cybersecurity laws. This unit will be tasked with making sure that we’re looking out for the interests of New Jersey’s residents whenever there’s a major data breach or improper use of customers’ online information.”
Attorneys assigned to the DPC Section will collaborate with State Police, the Division of Consumer Affairs and other state agencies in managing investigations and bringing related civil litigation when New Jersey residents are victimized by data breaches and the unauthorized collection, use and dissemination of their personal information.
Among other projects, the Section will assume responsibility for the Office’s ongoing investigation into Facebook’s transfer of personal information to Cambridge Analytica which, according to Facebook, has affected approximately 1.6 million users in New Jersey.
The Section will also seek to build on the office’s past successes in protecting residents’ data privacy. In the recent past, the Attorney General’s Office has secured several significant settlements, including a 2017 settlement with Horizon Health Care Services, Inc. arising from a prior data breach, a 2013 settlement with app developer Dokogeo, Inc. for collecting personal information about children who used one of the company’s games, and a 2017 settlement with Target, Inc. that resolved a multi-state investigation into a breach of Target’s customer data four years earlier.
In addition to the DPC section, which will handle civil investigations and enforcement matters, the Attorney General’s Office also operates within the Division of Criminal Justice a Financial & Computer Crimes Bureau, which is responsible for criminal prosecutions of cybercrimes.