NJ attorney general creates new unit that will handle state’s investigation of Facebook and other data security issues

New Jersey Attorney General Gurbir Grewal announced today that a new civil enforcement unit called the”data privacy and cybersecurity section” will be created within his office to handle the state’s ongoing investigation into Facebook and other data privacy issues.

The new unit will be housed within the New Jersey Division of Law’s affirmative civil enforcement practice group. The unit will be staffed by Division of Law attorneys who will work to enforce laws that protect New Jersey residents’ online data privacy by bringing civil actions against violators. Another role of the unit will be to provide legal advice to the state’s executive branch agencies on compliance with cyber-related state and federal laws and standards.

“The attorney general’s office has long played a role in protecting our residents from cyber threats, but given recent developments, we realized that we needed to double down on those efforts,” Grewal said. “That’s why we are creating a new unit of attorneys dedicated to enforcing data privacy and cybersecurity laws. This unit will be tasked with making sure that we’re looking out for the interests of New Jersey’s residents whenever there’s a major data breach or improper use of customers’ online information.”

Attorneys assigned to the unit will collaborate with the New Jersey State Police, the New Jersey Division of Consumer Affairs and other state agencies in managing investigations and taking legal action when residents are victimized by data breaches and the unauthorized collection, use and dissemination of their personal information, officials said.

The unit will take over the office’s ongoing investigation into Facebook’s transfer of personal information to Cambridge Analytica which, according to Facebook, has affected about 1.6 million users in New Jersey.

In 2017 the attorney genera;’s office won a settlement with Horizon Health Care Services, Inc. arising from a prior data breach. In 2013, the office won a settlement with app developer Dokogeo, Inc. for collecting personal information about children who used one of the company’s games, and in 2017 the office won a settlement with Target, Inc. that resolved a multi-state investigation into a breach of Target’s customer data four years earlier.