"New Jersey's new law applies to end-user systems and computerized records that [are] transmitted across public networks.... Under the law, personal information is defined to include an individual's first name or first initial and last name linked with a Social Security number, a driver's license or state identification card number, an address, or identifiable health information. Failing to comply with these standards is punishable by a maximum fine of $10,000 for a first offense and $20,000 for a second or any subsequent offense. A violation can also bring cease and desist orders issued by the attorney general -- and damage payments to affected individuals."