Significant changes may be coming to data privacy in New Jersey—and businesses need to pay attention. Two major developments recently surfaced regarding Daniel’s Law (N.J.S.A. 56:8-161, et seq.), New Jersey’s privacy statute designed to shield public officials’ addresses and other personal information from being disclosed online: (1) on November 13, 2025, State Senator Gordon Johnson introduced an amendment seeking to “reaffirm the law’s original intent” and address the many lawsuits that have led to what he calls a “broken” system; and (2) in 2026, the New Jersey Supreme Court will be weighing in on the existing law at the direction of the U.S. Court of Appeals for the Third Circuit, which is currently debating the law’s constitutionality under the First Amendment. These changes are poised to reshape the future of data privacy.
Proposed Legislation
Daniel’s Law was enacted in 2020 to prohibit the disclosure of home addresses and phone numbers of certain public officials to protect against harassment and harm after the murder of Daniel Anderl, son of U.S. District Court Judge Esther Salas. In 2023, the law was amended to, in pertinent part, establish monetary damages of $1,000 per violation plus punitive damages and add an assignment provision, allowing individuals covered under the law to assign their claims to third parties. This assignment provision has led to a surge of lawsuits from third parties, with hundreds filed by a single entity, alleging violations for failing to promptly remove publicly available personal information as required by the law.
Senator Johnson’s legislation would remove covered individuals’ ability to assign their claims to sue on their behalf, and it would alter the way damages are awarded, among other things. Currently, those damage awards are mandatory for any violation, regardless of the violator’s level of culpability. The proposed amendment would give judges discretion when awarding damages for willful non-compliance. The other proposed changes to Daniel’s Law include expanding the coverage of “protected individuals,” restoring the Office of Information Privacy (OIP) as the central authority for managing compliance after it was eliminated in 2023, creating an online portal simplifying registration for covered individuals and compliance for businesses, raising the window from ten to forty-five business days for those hosting shielded information to comply with removal requests, and eliminating loopholes that allow manipulation of the law.
Senator Johnson emphasized that this legislation would fix the law and stressed its importance in light of the constitutionality challenges to Daniel’s Law currently before the Third Circuit. On November 17, 2025, the bill was referred to the Senate Judiciary Committee.
Lawsuits
The hundreds of lawsuits filed under Daniel’s Law are continuing to move through the courts. In these cases, the plaintiff contends that even if a data broker missed the ten-day deadline by one day, it would be strictly liable for Daniel’s Law violations. However, a mens rea requirement is critical to enforcement because the plaintiff submitted thousands of requests to hundreds of data brokers in a short period, making strict compliance within the statutory deadline virtually impossible.
In September 2025, the Third Circuit requested guidance from the New Jersey Supreme Court after questioning the law’s constitutionality. The Third Circuit’s review is prompted by an appeal from a decision of the U.S. District Court for the District of New Jersey, where the defendants sought dismissal, arguing that the law violates the First Amendment by imposing content-based restrictions and chilling protected speech without requiring any mens rea. While the District Court agreed that the statute is content-based, it applied lesser scrutiny as a privacy measure and denied the motions to dismiss, prompting the appeal. Now, the Third Circuit certified two questions for the New Jersey Supreme Court to decide: Does Daniel’s Law require a mental state — negligence, recklessness, intent — before liability attaches? And if so, which standard applies to which remedies[1]?
On October 14, 2025, the New Jersey Supreme Court agreed to accept the Third Circuit’s application, altering the question on appeal to what mental state, if any, is required to establish liability under Daniel’s Law? Briefing before the New Jersey Supreme Court will be fully submitted by the end of 2025.
The state Supreme Court’s decision will be crucial to the law’s defense. The current version of Daniel’s Law does not contain a state of mind requirement, and violators are strictly liable for actual or statutory damages, injunctions, and attorneys’ fees and costs. Now the Supreme Court must decide between strict liability – will companies be culpable if they fail to comply with requests strictly, or will they enact a fault-based standard that would hold brokers liable only if they knowingly or recklessly refused requests to remove names? Without a mental-state requirement being interpreted in the statute, Daniel’s Law might be vulnerable to strict scrutiny under the First Amendment.
Whether through legislative reform or judicial review, Daniel’s Law is evolving—and compliance strategies must keep pace.
[1] Atlas Data Privacy Corp., et al., v. We Inform LLC, et al., No. 25-1555 (3d Cir.)
About O’Toole Scrivo, LLC
We are a carefully crafted mid-sized law firm of recognized subject matter experts practicing primarily in New York and New Jersey. We combine large-firm expertise with small-firm attention to client needs, representing businesses, insurance companies, and government entities. We are committed to delivering creative and timely results for the most high-profile and complex matters.
