New Jersey, like other states we have written about, currently regulates a retailer’s ability to collect personal information during a credit card transaction. Beginning October 1, 2017, New Jersey retailers will need to think even further about the amount of personal information they can collect.

Under a recently signed New Jersey law, the Personal Information and Privacy Protection Act, retailers are limited in when they can run a shopper’s driver’s license or other state-issued photo ID through a scanner or other machine reader. These reasons include, inter alia, to verify a person’s identity (for example, during a return) and to verify age for age-restricted goods. The law also requires retailers that collect information under one of the permitted purposes to “securely store” such information. Companies that collect information through permitted ID card scans cannot share that information with third parties, including for marketing, advertising, or promotional purposes.

TIP: Retailers in New Jersey who scan ID cards for returns or age verification (or other permitted purposes) should review the law’s requirements, including those relating to sharing for marketing purposes.