Current through Register Vol. 56, No. 18, September 16, 2024
(a) Definitions. The
following terms, when used in this section, shall have the following meanings,
unless the context clearly indicates otherwise:
"Agreement" means the agreement between the New Jersey Motor
Vehicle Commission and a commercial Program participant or a nonprofit organization
or not-for-profit organization.
"Applicant" means a person, governmental entity, or nonprofit
organization or not-for-profit organization that is requesting access to a motor
vehicle record or records.
"Application" means the application for the Commission's Limited
Online Access Program or Standard Data Files Program.
"Authorized recipient" as provided at N.J.S.A. 39:2-3.4(d), means
a person authorized to receive personal information from the Commission pursuant to
N.J.S.A. 39:2-3.4(c).
"Commercial Program participant" means a Program participant that
is not a governmental entity, nonprofit or not-for-profit entity.
"Commission" means the New Jersey Motor Vehicle Commission.
"Employee and agent list" means a list of all proposed authorized
employees or agents that the Program participant seeks to allow to use any
electronic communications established for the Limited Online Access Program and any
data or information obtained therefrom.
"End user" means any person or entity for whose use information is
requested from the Commission's database. An end user may be either the person
requesting the information or another person on whose behalf the information is
requested.
"Governmental entity" means the State, Federal government, county,
municipality, or any subdivision thereof.
"Limited Online Access Program" means a process in which a Program
participant establishes electronic communications with the Commission to receive
motor vehicle record information on a per record basis.
"MOU" means a memorandum of understanding between the Commission
and a governmental entity.
"Nonprofit organization" or "not-for-profit organization" means an
organization that presents proof, acceptable to the Chief Administrator, of its
status as a nonprofit or not-for-profit organization, and that is exempt from
taxation pursuant to Internal Revenue Code 501(c) and N.J.S.A. 54:32B-9(b) or
9(f)(1), and has presented to the Commission the organization's certificate or
articles of incorporation or other satisfactory proof of nonprofit or not-for-profit
status that is acceptable to the Chief Administrator.
"Permitted purposes" means one or more of the uses of personal
information permitted by the Federal Driver's Privacy Protection Act of 1984,
18
U.S.C. §§
2721 et seq. (Federal DPPA),
and the New Jersey Driver's Privacy Protection Act, N.J.S.A. 39:2-3.3 et seq. (New
Jersey DPPA), and that is explicitly set forth by the Program participant on the
applicant's application and approved by the Commission; political and commercial
solicitation and marketing shall not constitute permitted purposes.
"Person" means an individual, organization, or entity, but does
not include the State, or a political subdivision thereof, consistent with N.J.S.A.
39:2-3.3.
"Personal information" means information that identifies an
individual, including an individual's photograph; Social Security number; driver
identification number; name; address other than the five digit zip code; telephone
number; and medical or disability information, but does not include information on
vehicular accidents, driving violations, and driver's status.
"Program" means the Limited Online Access Program and Standard
Data Files Program.
"Program participant" means any persons, governmental entities, or
nonprofit organization or not-for-profit organization approved for participation in
the Limited Online Access Program or the Standard Data Files Program, including all
officers, owners with an interest of 10 percent or more, managers, and all
employees, agents, or subcontractors thereof.
"Standard Data Files Program" means a process by which motor
vehicle records are provided by the Commission, based on a set of criteria and
assembled into a file and provided to the Program participant either on a one-time
basis or according to a regular schedule.
(b) Persons requesting to purchase a government
record shall pay the fee established by the Motor Vehicle Commission as set forth in
this section.
(c) The fees are as
follows:
1. A Driver History Abstract:
i. Uncertified, $ 15.00.
ii. Certified, $ 15.00.
2. A Notice of Scheduled Suspension, Order of
Suspension or Notice of Restoration:
i.
Uncertified, $ 15.00.
ii. Certified, $
15.00.
3. Violation Record:
i. Uncertified, $ 15.00.
ii. Certified, $ 15.00.
4. Mail Lists:
i. Uncertified, $ 15.00.
ii. Certified, $ 15.00.
5. Registration or Driver License Application:
i. Uncertified, $ 15.00.
ii. Certified, $ 15.00.
6. Boat Registration Application:
i. Uncertified, $ 15.00.
ii. Certified, $ 15.00.
7. Final Decision of Chief Administrator:
i. Uncertified, $ 15.00.
ii. Certified, $ 15.00.
8. File Search of Motor Vehicle Commission
Records:
i. Uncertified, $ 15.00.
ii. Certified, $ 15.00.
(d) Payment shall
be made by check or money order payable to the New Jersey Motor Vehicle Commission,
or by any other method approved by the Chief Administrator.
(e) Except as otherwise provided at (f) and (g)
below, governmental entities within and outside the State, and nonprofit and
not-for-profit organizations within and outside the State are exempt from the fees
set forth in this section.
(f)
Notwithstanding the fees set forth in this section, the Chief Administrator shall
collect from Limited Online Access Program participants, and a fee of $ 12.00 for
each driver history record requested online; a fee of $ 12.00 for each vehicle
registration record or each title record requested online; a fee of $ 12.00 for each
title history requested online; and a fee of $ 2.00 for each abbreviated driver
history record, known as a driver status record, requested online. Governmental
entities and nonprofit and not-for-profit organizations shall pay an administrative
fee of $ 150.00 for every 5,000 records, or part thereof, per calendar
year.
(g) Notwithstanding the fees set
forth in this section, the Chief Administrator shall collect a fee of $.05 per
individual registration record and individual title record from users of the
Standard Data Files Program, which provides for the electronic transmittal of
registration and title records. The Chief Administrator may, in accordance with the
New Jersey Driver's Privacy Protection Act (N.J.S.A. 39:2-3.3 et seq.), redact
personal information from the registration and title records made available through
the Standard Data Files Program. In all cases, the social security number shall be
redacted from the registration and title records made available through the Standard
Data Files Program. A business user's utilization of personal information contained
in the registration and title records that are made available through the Standard
Data Files Program shall be subject to the disclosure limitations set forth in the
New Jersey Driver's Privacy Protection Act (N.J.S.A. 39:2-3.4). In addition to the
per record fee set forth above, the Chief Administrator shall collect from users of
the Standard Data Files Program a fee for data processing costs incurred in
formatting the registration and title records requested by the user. The Commission
will consider custom or ad hoc records requests on a case-by-case basis. The fee for
a custom or ad hoc request shall be calculated on a case-by-case basis, and based on
the costs, both direct and indirect, to the Commission of supplying the requested
information. In lieu of the fee of $.05 per record, governmental entities and
nonprofit and not-for-profit organizations shall pay an administrative fee of $
100.00 per file.
(h) Application for
participation in the Commission's Limited Online Access Program. Applicants for
participation in the Commission's Limited Online Access Program must complete an
application on a form to be provided by the Commission. At a minimum, the applicant
must provide the following information:
1. The
applicant's full name and tax identification number;
2. Whether any parent companies, subsidiary
companies, or related companies or entities purchase information from the
Commission, and, if so, the name of the company or entity, the relationship to the
applicant, and whether the company or entity has ever been suspended or permanently
revoked from purchasing information from the Commission;
3. Any other names under which the applicant has
done or does business;
4. Whether the
owners or principals of the applicant have ever had their ability to obtain records
from the Commission, State, or any other state or jurisdiction suspended or
revoked;
5. Whether the owners,
principals, partners, officers, employees, or agents of the applicant have ever been
convicted of a crime arising out of fraud; violence against another person; improper
use/release of personal information; or relating to fraud in connection with the
sale of a motor vehicle, in this State or any other state or jurisdiction;
6. The nature of the applicant's business
activity;
7. Contact information for the
applicant's representative, including a driver license number and a valid email
address;
8. The type of access
requested, including whether requests will be individual or batch requests, the type
of information requested, identification of all employees that will have access to
the online system, and whether applicant will be reselling or redisclosing the
Commission records;
9. If the applicant
will be reselling or redisclosing Commission records, the applicant must submit a
list of clients and a separate document detailing the procedures and methods
applicant will use to monitor the use of the information to ensure that applicant's
clients comply with the New Jersey DPPA;
10. A completed Motor Vehicle Commission
Technology Questionnaire;
11. The
applicant shall submit a list of all proposed authorized individuals, including
owners, principals, partners, officers of the applicant, and employees or agents,
who will have access to Motor Vehicle Commission records and information. The
applicant shall also submit a signed statement certifying that criminal history
record background checks were performed on all owners, principals, partners,
officers of the applicant, and employees or agents of the applicant that will have
access to Motor Vehicle Commission records and information. The applicant shall also
maintain a signed statement from all owners, principals, partners, officers of the
applicant, and employees or agents of the applicant that will have access to Motor
Vehicle Commission records and information certifying that they do not have any
record of criminal history as specified at (h)5 above. Any principal, partner,
officer of the applicant, or employee or agent of the applicant who has any record
of criminal history as specified at (h)5 above shall be prohibited from access to
Motor Vehicle Commission records and information. The applicant shall have an
ongoing duty to the Motor Vehicle Commission to provide an updated certified
statement and list of users who will have access to Motor Vehicle Commission records
and information;
12. A certification of
applicant agreeing to limit its use of all information obtained from the Commission
to the specific permitted purposes set forth by applicant in its approved
application, the agreement or MOU with the Commission, and pursuant to the terms of
the New Jersey DPPA;
13. The Program
participant is strictly prohibited from using Commission records to conduct
surveillance or to investigate or locate an individual for reasons not specifically
related to motor vehicle activity, including, but not limited to, immigration
enforcement, divorce or domestic disputes, and matchmaking services. If reselling or
redisclosing the data and/or information, the Program participant shall require the
third-parties/end-users to represent in writing to the Program participant that they
agree not to use Commission records to conduct surveillance or to investigate or
locate an individual for reasons not specifically related to motor vehicle activity,
including, but not limited to, immigration enforcement, divorce disputes, and
matchmaking services; and
14. Any
additional information the Chief Administrator may deem
necessary.
(i) Program
participant agreement or MOU for the Commission's Limited Online Access Program. If
the applicant's application is approved, the applicant must execute an agreement or
MOU with the Commission, to be reviewed by a member of the Commission's executive
staff, and in a form to be provided by the Commission, to be accepted into the
Commission's Limited Online Access Program and become a Program participant. The
agreement or MOU may contain such terms and conditions as deemed necessary by the
Commission for the protection of data and information provided by the Commission.
The agreement or MOU shall contain, at a minimum, provisions addressing the
following:
1. A description of the permitted
purposes;
2. A description of the
information and data to be provided pursuant to the agreement or MOU;
3. Restrictions upon use of the information
provided pursuant to the agreement or MOU;
4. Confidentiality agreements between the
Commission and applicant;
5.
Identification of persons authorized to access data and information;
6. Security standards covering data supplied by
the Commission, applicant's hardware, applicant's software, applicant's system,
applicant's data transmission, applicant's network, and applicant's physical
location;
7. Recordkeeping
requirements;
8. Records retention
requirements;
9. Storage of information
and data;
10. Audit
requirements;
11. Payment;
12. Termination;
13. If the applicant is reselling or redisclosing
Commission information, the terms under which that information may be resold or
redisclosed and used by third parties, and any restrictions on the resale or
redisclosure of information to third parties; and
14. Such other conditions as deemed necessary by
the Chief Administrator.
(j)
Denial, suspension, or revocation of a Program participant's access to Limited
Online Access Program.
1. The Commission may deny,
suspend, or revoke a Program participant's online access for any of the following
reasons:
i. The application is
incomplete;
ii. The applicant requests
access to residence address information when not authorized to obtain such access
pursuant to statute, rule, or rule of court;
iii. Based on the applicant's stated purpose for
requesting information, the Commission determines that the public interest in
withholding the information outweighs the public interest in releasing the
information;
iv. The information on the
application is incorrect, false, misleading, or identifies an intended use of the
information requested that is not an approved use;
v. The applicant, or a representative of the
applicant, was previously a Program participant or a managerial employee of a
Program participant whose online access was revoked for cause and never reissued by
the Commission, or was suspended for cause and the terms of the suspension are not
fulfilled. For the purposes of this subparagraph, a representative means an owner,
principal, proprietor, limited or general partner, a managerial employee, or a
director or officer active in the management, direction, or control of the business
of the Program participant, or a parent, subsidiary, or related entity to the
Program participant. A managerial employee is any person who exercises managerial
control over the business of a Program participant;
vi. The Program participant, or any employee or
agent of the Program participant, used information received from the Commission for
a purpose other than the purpose stated in the application of the Program
participant or approved by the Commission;
vii. The Program participant, or any employee or
agent of the Program participant, used information received from the Commission in
violation of the New Jersey DPPA;
viii.
The Program participant submitted a check, draft, money order, or other means of
payment to the Commission, that was thereafter dishonored when presented for
payment;
ix. The Program participant
sold or otherwise delivered information obtained from the Commission to a person
other than the person or entity for whom the information was obtained;
x. The Program participant failed to pay for
information received from the Commission;
xi. The Program participant or any representative
of the Program participant represented to any person that the Program participant or
such representative was an officer, agent, or employee of, or otherwise affiliated
with, the Commission;
xii. The Program
participant published any false or misleading advertising related to the purchase of
information from the Commission;
xiii.
The Program participant used the Commission logo in any advertising or other
materials used in the business of the Program participant. The Program participant
may not use the Commission logo in any advertising;
xiv. The Program participant violated any of the
provisions contained in applicable rules;
xv. The Program participant has been convicted of
a crime arising out of fraud in connection with the sale of a motor vehicle in any
state, a felony in any state, or a crime involving violence against another person
in any state, or the Program participant is affiliated with any other Program
participant or other requester whose access to Commission data and information has
been, or was suspended or revoked, and not reinstated;
xvi. The agreement or MOU between the Commission
and the Program participant has expired; or
xvii. For any other reason determined to be
appropriate by the Commission.
2. The Commission may terminate any Program
participant's access to the Limited Online Access Program, and any agreement or MOU
with a Program participant in its sole discretion, upon 10 days notice to the
Program participant.
3. The Commission
may terminate a Program participant's access to the Limited Online Access Program,
and any agreement or MOU with a Program participant immediately and in its sole
discretion, if it believes the individual or public health or individual or public
safety may be at risk.
4. The Commission
may terminate a Program participant's access to the Limited Online Access Program,
and any agreement or MOU with a Program participant if the Program participant or
end users are found to be using Commission records to conduct surveillance or to
investigate or locate an individual, unless pursuant to
N.J.S.A.
39:2-3.4(c)(6), for use by an
insurer or insurance support organization, its agents, employees or contractors, or
by a self-insured entity, or its agents, employees, or contractors, in connection
with claims investigation activities, antifraud activities, ratings, or
underwriting. For any other purpose involving surveillance, the Program participant
must submit an individual request for the evaluation and consideration of the
Commission.
5. The Commission may cancel
or amend a Program participant's access to the Limited Online Access Program, and
any agreement or MOU with a Program participant, if such cancellation or amendment
is deemed necessary by the Commission due to any changed requirement in the law or
Commission policy that would prohibit such access or agreement, or upon a
determination by the Commission that there has been a breach of the integrity or
security of the data or information provided to the Program participant, or a
failure of the Program participant to comply with established procedures or legal
requirements relating to the Limited Online Access Program.
6. The Program participant is required to ensure
that all end users comply with all the terms, conditions, and limitations of the
Program participant's agreement or MOU with the Commission and is required to ensure
that its end users use any and all data and information solely for the permitted
purposes set forth in the Program participant's agreement or MOU with the
Commission. A violation of the terms of the agreement between the Program
participant and the end users to whom the Program participant sells or discloses, or
has sold or disclosed, Commission data or information, will result in termination of
participation in the Limited Online Access Program, but the Chief Administrator may,
in the Chief Administrator's sole discretion, allow remediation of the violation by
permitting the Program participant to provide to the Commission a remediation plan,
which the Chief Administrator may accept, modify, or reject, in the Chief
Administrator's sole discretion.
7. The
Commission's decision to terminate participation in the Limited Online Access
Program for any violation of the terms and conditions of a Limited Online Access
Program Agreement or MOU between the Commission and any subsidiary, related entity,
or parent company of the Program participant shall automatically terminate the
Program participant's agreement or MOU with the Commission.
8. If a Limited Online Access Program Agreement or
MOU between the Commission and any subsidiary, related entity, or parent company of
the Program participant is suspended or terminated for violation of the terms of
that agreement by the end users to whom the subsidiary, related entity or parent
company sells or discloses, or has sold or disclosed, Commission data and
information, the Program participant's participation in the Limited Online Access
Program shall be indefinitely suspended. The Chief Administrator may, in the Chief
Administrator's sole discretion, allow remediation of the violation by permitting
the subsidiary, related entity, or parent company to provide to the Commission a
remediation plan, which the Chief Administrator may accept, modify, or reject, in
the Chief Administrator's sole discretion.
9. If any combination of the Program participant's
subsidiaries, related entities, parent companies, or end users violates the terms of
the end users' agreements or their agreement with the Commission or the Program
participant, the Commission may terminate the Program participant's participation in
the Limited Online Access Program permanently with no opportunity for reinstatement.
Additionally, if the Program participant's participation in the Limited Online
Access Program was suspended for a violation or violations by end users of
subsidiaries, related entities, or parent companies to the Program participant, and
thereafter reinstated, a subsequent violation may result in the Program
participant's participation in the Limited Online Access Program being terminated
with no opportunity for reinstatement.
(k) Application for participation in Commission's
Standard Data Files Program. Applicants for participation in the Commission's
Standard Data Files Program must submit a written request to the Commission that, at
a minimum, must include:
1. The applicant's full
name and tax identification number;
2.
Whether any parent companies, subsidiary companies, or related companies or entities
purchase information from the Commission, and, if so, the name of the company or
entity, the relationship to applicant, and whether the company or entity has ever
been suspended or permanently revoked from purchasing information from the
Commission;
3. Any other names under
which the applicant has done or does business;
4. Whether the owners or principals of the
applicant have ever had their ability to obtain records from the Commission, State,
or any other state or jurisdiction suspended or revoked;
5. Whether the owners, principals, partners,
officers, employees, or agents of the applicant have ever been convicted of a crime
arising out of fraud; violence against another person; improper use/release of
personal information; or relating to fraud in connection with the sale of a motor
vehicle, in this State or any other state or jurisdiction;
6. The nature of the applicant's business
activity;
7. Contact information for the
applicant;
8. The type of information
requested, identification of all employees that will have access to the requested
information, and whether the applicant will be reselling or redisclosing the
Commission records;
9. If the applicant
will be reselling or redisclosing Commission records, the applicant must submit a
list of clients and a separate document detailing the procedures and methods
applicant will use to monitor the use of the information to ensure that the
applicant's clients comply with the New Jersey DPPA;
10. A completed Motor Vehicle Commission
Technology Questionnaire;
11. The
applicant shall submit a list of all proposed authorized individuals, including
owners, principals, partners, officers of the applicant, and employees or agents,
who will have access to Motor Vehicle Commission records and information. Applicants
shall also submit a signed statement certifying that criminal history record
background checks were performed on all owners, principals, partners, officers of
the applicant, and employees or agents of the applicant that will have access to
Motor Vehicle Commission records and information. The applicant shall also maintain
a signed statement from all owners, principals, partners, officers of the applicant,
and employees or agents of the applicant that will have access to Motor Vehicle
Commission records and information certifying that they do not have any record of
criminal history as specified at (k)5 above. Any principal, partner, officer of the
applicant, or employee or agent of the applicant who has any record of criminal
history as specified at (k)5 above shall be prohibited from access to Motor Vehicle
Commission records and information. The applicant shall have an ongoing duty to the
Motor Vehicle Commission to provide an updated certified statement and list of users
who will have access to Motor Vehicle Commission records and information;
12. A certification of the applicant agreeing to
limit its use of all information obtained from the Commission to the specific
permitted purposes set forth by the applicant in its approved application, the
agreement or MOU with the Commission, and pursuant to the terms of the New Jersey
DPPA;
13. The Program participant is
strictly prohibited from using Commission records to conduct surveillance or to
investigate or locate an individual for reasons not specifically related to motor
vehicle activity, including, but not limited to, immigration enforcement, divorce or
domestic disputes, and matchmaking services. If reselling or redisclosing the data
and/or information, the Program participant shall require the
third-parties/end-users to represent in writing to the Program participant that they
agree not to use Commission records to conduct surveillance or to investigate or
locate an individual for reasons not specifically related to motor vehicle activity,
including, but not limited to, immigration enforcement, divorce disputes, and
matchmaking services; and
14. Any
additional information the Chief Administrator may deem
necessary.
(l) Program
participant agreement or MOU for the Commission's Standard Data Files Program. If
the applicant's application is approved, the applicant must execute an agreement or
MOU with the Commission, to be reviewed by a member of the Commission's executive
staff, and in a form to be provided by the Commission to be accepted into the
Commission's Standard Data Files Program and become a Program participant. The
agreement or MOU may contain such terms and conditions as deemed necessary by the
Commission for the protection of data and information provided by the Commission.
The applicant's agreement or MOU shall contain, at a minimum, provisions addressing
the following:
1. A description of the information
and data to be provided pursuant to the agreement or MOU;
2. Restrictions upon use of the information
provided pursuant to the agreement or MOU;
3. Confidentiality agreements between the
Commission and the applicant;
4.
Security standards covering data supplied by the Commission, applicant's hardware,
applicant's software, applicant's systems, applicant's data transmission,
applicant's network, and applicant's physical location;
5. Recordkeeping requirements;
6. Records retention requirements;
7. Storage of information and data;
8. Audit requirements;
9. Payment terms;
10. Modification and termination
conditions;
11. If the applicant will be
reselling or redisclosing Commission information, the terms under which that
information may be resold, redisclosed, and used by third-parties, and any
restrictions on the resale or redisclosure of information to third parties;
and
12. Such other conditions as deemed
necessary by the Chief Administrator.
(m) Denial, suspension, or revocation of a Program
participant's approval for the Standard Data Files Program shall be as follows:
1. The Commission may deny, suspend, or revoke a
Program participant's approval to participate in the Standard Data Files Program for
any of the following reasons:
i. The request is
incomplete;
ii. The applicant requests
residence address information when not authorized to obtain such information
pursuant to statute, rule, or rule of court;
iii. Based on the applicant's stated purpose for
requesting information, the Commission determines that the public interest in
withholding the information outweighs the public interest in releasing the
information;
iv. The information
contained in the applicant's request is incorrect, false, misleading, or identifies
an intended misuse of the information requested;
v. The applicant, or a representative of the
applicant, was previously a Program participant or a managerial employee of a
Program participant whose approval for participation in the Standard Data Files
Program was revoked for cause and never reissued by the Commission, or was suspended
for cause, and the terms of the suspension are not fulfilled. For the purposes of
this subparagraph, a representative means an owner, principal, proprietor, limited
or general partner, a managerial employee, or a director or officer active in the
management, direction, or control of the business of the Program participant or a
parent, subsidiary or related entity to the Program participant. A managerial
employee is any person who exercises managerial control over the business of a
Program participant;
vi. The Program
participant, or any employee or agent of the Program participant, used information
received from the Commission for a purpose other than the purpose stated in the
request of the Program participant or approved by the Commission;
vii. The Program participant, or any employee or
agent of the Program participant, used information received from the Commission in
violation of the New Jersey DPPA;
viii.
The Program participant submitted a check, draft, money order, or other means of
payment to the Commission, that was thereafter dishonored when presented for
payment;
ix. The Program participant
failed to pay for information received from the Commission;
x. The Program participant or any representative
of the Program participant represented to any person that the Program participant,
or such representative, was an officer, agent, or employee of or otherwise
affiliated with the Commission;
xi. The
Program participant published any false or misleading advertising related to the
purchase of information from the Commission;
xii. The Program participant used the Commission
logo in any advertising or other materials used in the business of the Program
participant. The Program participant may not use the Commission logo in any
advertising;
xiii. The Program
participant violated any of the provisions contained in the applicable
rules;
xiv. The Program participant has
been convicted of a crime arising out of fraud in connection with the sale of a
motor vehicle in any state, a felony in any state, or a crime involving violence
against another person in any state, or the Program participant is affiliated with
any other Program participant or other requester whose access to Commission data and
information has been, or was, suspended or revoked, and not reinstated;
xv. The agreement or MOU between the Commission
and the Program participant has expired; or
xvi. For any other reason determined to be
appropriate by the Commission.
2. The Commission may terminate any Program
participant's approval for the Standard Data Files Program, and any agreement or MOU
with a Program participant in its sole discretion upon 10 days notice to the Program
participant.
3. The Commission may
terminate a Program participant's approval for the Standard Data Files Program, and
any agreement or MOU with a Program participant immediately and in its sole
discretion, if it believes an individual or public health or individual or public
safety may be at risk.
4. The Commission
may terminate a Program participant's approval for the Standard Data Files Program,
and any agreement or MOU with a Program participant if the Program participant or
end users are found to be using Commission records to conduct surveillance or to
investigate or locate an individual, unless pursuant to
N.J.S.A.
39:2-3.4(c)(6), for use by an insurer or insurance
support organization, its agents, employees, or contractors, or by a self-insured
entity, or its agents, employees, or contractors, in connection with claims
investigation activities, antifraud activities, ratings, or underwriting. For any
other purpose involving surveillance, the Program participant must submit an
individual request for the evaluation and consideration of the Commission.
5. The Commission may cancel or amend a Program
participant's approval for the Standard Data Files Program, and any agreement or MOU
with a Program participant, if such cancellation or amendment is deemed necessary by
the Commission due to any changed requirement in the law or Commission policy that
would prohibit such access or agreement, or upon a determination by the Commission
that there has been a breach of the integrity or security of the data or information
provided to the Program participant or a failure of the Program participant to
comply with established procedures or legal requirements relating to the Standard
Data Files Program.
6. The Program
participant is required to ensure that all end users comply with all the terms,
conditions, and limitations of the Program participant's agreement or MOU with the
Commission and is required to ensure that its end users use any and all data and
information solely for the permitted purposes set forth in the Program participant's
agreement or MOU with the Commission. A violation of the terms of the agreement
between the Program participant and end users to whom the Program participant sells
or discloses, or has sold or disclosed, Commission data or information, will result
in termination of participation in the Standard Data Files Program, but the Chief
Administrator may, in the Chief Administrator's sole discretion, allow remediation
of the violation by permitting the Program participant to provide to the Commission
a remediation plan, which the Chief Administrator may accept, modify, or reject, in
the Chief Administrator's sole discretion.
7. The Commission's decision to terminate
participation in the Standard Data Files Program for any violation of the terms and
conditions of a Standard Data Files Program Agreement or MOU between the Commission
and any subsidiary, related entity, or parent company of the Program participant
shall automatically terminate the Program participant's agreement or MOU with the
Commission.
8. If a Standard Data Files
Program Agreement or MOU between the Commission and any subsidiary, related entity,
or parent company of the Program participant is suspended or terminated for
violation of the terms of that agreement or MOU by end users to whom the subsidiary,
related entity, or parent company sells or discloses, or has sold or disclosed,
Commission data and information, the Program participant's participation in the
Standard Data Files Program shall be indefinitely suspended. The Chief Administrator
may, in the Chief Administrator's sole discretion, allow remediation of the
violation by permitting the subsidiary, related entity, or parent company to provide
to the Commission a remediation plan, which the Chief Administrator may accept,
modify, or reject, in the Chief Administrator's sole discretion.
9. If any combination of the Program participant's
subsidiaries, related entities, parent companies, or end users violates the terms of
the end users' agreements or their agreement with the Commission or the Program
participant, the Commission may terminate the Program participant's participation in
the Standard Data Files Program permanently with no opportunity for reinstatement.
Additionally, if the Program participant's participation in the Standard Data Files
Program was suspended for a violation or violations by end users of subsidiaries,
related entities, or parent companies to the Program participant, and thereafter
reinstated, a subsequent violation may result in the Program participant's
participation in the Standard Data Files Program being terminated with no
opportunity for reinstatement.
(n) Program participants enrolled in the Limited
Online Access or Standard Data Files programs shall at all times maintain compliance
with
N.J.S.A.
56:8-163, Disclosure of breach of security to
customers.
(o) Program participants
enrolled in the Limited Online Access or Standard Data Files programs shall develop
and implement a cybersecurity program, that reasonably conforms to the current
version of an industry-recognized cybersecurity framework, such as any of the
following, or any combination of the following, subject to required revisions, if
applicable:
1. The Framework for Improving Critical
Infrastructure Cybersecurity developed by the National Institute of Standards and
Technology (NIST);
2. The Center for
Internet Security Critical Security Controls for Effective Cyber Defense
publication; or
3. The International
Organization for Standardization and International Electrotechnical Commission 27000
family--information security management systems.
(p) When updates or changes in the form of a final
revision to a framework listed at (o) above is published, a Program participant
shall reasonably conform to the revised framework not later than one year after the
publication date stated in the revision.
