Penrod Blog

Understanding the Implications of New Jersey Senate Bill 332

What Healthcare Companies Need To Comply

Written by Matt Fiel

Privacy and security are crucial in the healthcare industry as it involves sensitive and personal information about patients. Healthcare providers need to take extra measures to ensure that the data they handle is securely processed and not misused. New Jersey Senate Bill 332 or Assembly Bill 1972 aims to strengthen data privacy and security measures in the state. In this blog, we will delve into the implications of this new bill and its impact on healthcare companies in New Jersey.

Does S332 apply to me?
When does S332 take effect?
What do I need to do to comply?
Illustration of bulk email and a Gmail user

When does Senate Bill 332 take effect?

This bill will become effective on January 17th, 2025, which means healthcare providers operating in the state of New Jersey need to make sure they comply with the law or face severe penalties.

Does the Senate Bill 332 apply to my organization?

The new bill requires two types of organizations to comply

  • Organizations that process the data of at least 100,000 consumers
  • Organizations that process the data of 25,000 consumers and generate revenue from selling that data

What are the requirements of Senate Bill 332?

Under this bill, healthcare providers must provide clear and concise notifications to consumers about the personal data they collect, process, and share with third-party organizations. The notification should explain the purpose of data processing and outline how the data is shared.

The bill requires that healthcare providers should obtain a consumer’s explicit consent before processing their data for certain purposes, such as profiling and targeted advertising. Senate Bill 332 obliges companies to provide a consumer opt-out mechanism for selling personal data and to delete consumers’ data upon request within 45 days.

How do I comply with Senate Bill 332?

To comply with this new bill, healthcare companies need to practicably operationalize the following:

  • Review the data privacy and security policies and procedures
  • Perform a comprehensive data inventory
  • Review external vendors processing your data
  • Develop risk management plans to mitigate any identified significant risks
  • Appropriately communicate with consumers on how their data is processed.

Compliance with Senate Bill 332 can be a daunting task, but it is crucial in this Healthcare environment to ensure that patients’ privacy remains the primary concern.


Biometric data, health histories, and identifiable information are all examples of sensitive data that healthcare providers must protect. These providers are expected to undertake extensive privacy and security measures to safeguard patients’ information.

Senate Bill 332 enhances the privacy and protections for this data which is vital to the continued growth of your healthcare company. Therefore, if you are a healthcare provider in New Jersey, you must comply with the new bill to avoid legal penalties and protect your patients’ sensitive data.

Ensuring that your healthcare company adheres to this law is essential for consumer confidence and loyalty.

About The Author

Matt Fiel

EVP of Marketing

With over 15 years of experience in marketing strategy, web development, and creative design, I lead the marketing team at Penrod, a boutique Salesforce partner focused on the healthcare and life sciences industry. As a Salesforce Certified Pardot Consultant, I have deep knowledge and skills in leveraging the platform to optimize marketing automation, lead generation, and customer engagement.

Free Compliance Action Plan

Get an action plan for the next steps you need to take in order to comply with S332.

Schedule a free consultation with expert healthcare consultant Penrod and we'll put together an action plan. Pick out a time that works for you on the right!