On July 21, New Jersey Governor Chris Christie signed into law the Personal Information Privacy Protection Act (PIPPA) (S. 1913), which limits the circumstances under which “retail establishments” (retailers) can collect and use information obtained by scanning the state-issued identification cards of customers.
The new law limits the ability of retailers to scan the barcode or other machine-readable section of a customer’s ID to the following eight purposes:
- To verify the authenticity of the card or the identity of the person;
- To verify age when providing age-restricted goods and services;
- To prevent fraud or other criminal activity if the person returns an item or requests a refund or an exchange;
- To prevent fraud or other criminal activity related to a credit transaction to open or manage a credit account;
- To establish or maintain a contractual relationship;
- To record, retain, or transmit information as required by law;
- To transmit information to a consumer reporting agency, financial institution, or debt collector; and
- To record, retain, or transmit information by a covered entity governed by the medical privacy and security rules under the Health Insurance Portability and Accountability Act.