State Compliance · New Jersey

ITAD in New Jersey: The Disposal Law and the Breach Rules

New Jersey is one of the comprehensive e-waste states: covered electronics are banned from disposal outright. Its breach law also takes an unusual turn — you notify the State Police before your customers. Here's what that means for retiring IT equipment.

By Brian Boynton Updated 6 min read

TL;DR

New Jersey bans covered electronic devices from disposal and funds free manufacturer recycling, so businesses can't landfill retired equipment. Its breach law requires notifying the State Police before affected customers — making documented destruction the cleaner path.

  • New Jersey's Electronic Waste Management Act bans covered electronic devices from disposal and funds manufacturer recycling.
  • Businesses must route retired computers, monitors, and TVs to compliant recycling — not the dumpster.
  • On a breach, New Jersey requires notifying the State Police before affected customers; personal information includes online credentials.
  • A serialized certificate of destruction keeps a retirement event from becoming a notification event.

01 / THE DISPOSAL LAWNew Jersey's Electronic Waste Management Act

New Jersey is one of the comprehensive producer-responsibility states. The Electronic Waste Management Act requires manufacturers to fund free recycling of covered electronic devices — computers, monitors, portable computers, and televisions — and bans those devices from solid-waste disposal. Covered electronics may not be thrown out with regular trash.

While the free manufacturer programs are oriented to consumers, the disposal ban applies broadly, and businesses must route retired covered electronics to compliant recycling. Federal RCRA, HIPAA, and GLBA duties apply on top. Bottom line: in New Jersey, landfilling old computers and monitors is prohibited — you need a recycler that documents what it handled.

02 / THE BREACH LAWNotify the State Police first

New Jersey's breach-notification statute (N.J.S.A. 56:8-163) requires a business that suffers a breach of New Jersey residents' personal information to notify affected individuals — and, distinctively, to notify the New Jersey Division of State Police before notifying customers. The state expanded "personal information" in 2020 to include a username or email address combined with a password or security question, pulling credential stores into scope.

A lost or stolen unsanitized drive holding residents' personal information can trigger these duties. Bottom line: media destroyed to NIST 800-88 with documentation is not exposed data — the cleanest way to avoid the State-Police-and-customer notification chain.

03 / WHAT IT MEANSOne certified process satisfies both

Read together, New Jersey's rules point the same direction. An organization retiring IT equipment in New Jersey has to handle the device lawfully — covered electronics are banned from disposal — and be able to prove the data on it is gone under the state's breach-notification law. Handled separately, those are two compliance tracks. Handled as one certified IT asset disposition process, they collapse into a single workflow: compliant recycling, documented NIST 800-88 data destruction with serialized certificates, and an unbroken chain of custody.

That combined standard is what an R2v3, NAID AAA, and RIOS-certified provider is built to deliver. CyberCrunch is headquartered in Greensburg, Pennsylvania, and serves organizations across New Jersey and all 50 states with on-site and facility-based destruction and documented recycling.

04 / SOURCESWhere this comes from

  • New Jersey breach law (N.J.S.A. 56:8-163); see IAPP state breach-notification chart — source
  • New Jersey Electronic Waste Management Act — ERI state e-waste legislation overview — source

This page is provided for general informational purposes only and reflects publicly available sources as of June 2026. It is not legal advice and does not create an attorney-client relationship. Laws and regulations change frequently and are subject to interpretation; CyberCrunch makes no representation or warranty as to the accuracy, completeness, or currency of this information and assumes no liability for any reliance on it. Always do your own research and confirm the current requirements for your organization with qualified legal counsel before acting.

05 / FAQFrequently asked questions

Can a New Jersey business throw old computers in the trash?
No. The Electronic Waste Management Act bans covered electronic devices from disposal. Retired computers, monitors, and TVs must be recycled through compliant channels.

Who pays for electronics recycling in New Jersey?
Manufacturers fund free recycling of covered devices under the Act's producer-responsibility model; businesses still must route their equipment to compliant recyclers.

When must a New Jersey organization report a data breach?
Affected residents must be notified, and the New Jersey Division of State Police must be notified before customers are. Personal information includes online account credentials.

Does destroying a drive remove breach-notification risk?
Media sanitized or destroyed to NIST 800-88 standards, with documentation, is not exposed data — the practical defense against a disposal-driven breach.