Camera-related state law

The governing statute is the New Jersey Wiretapping and Electronic Surveillance Control Act, codified at N.J.S.A. 2A:156A. The Act treats interception of oral, wire, and electronic communications as a crime unless an exception applies. The most-used exception in commercial settings is the one-party consent rule: if a participant in the conversation consents (which includes the person doing the recording), the interception is lawful. New Jersey is therefore a one-party consent state for audio.

Video-only surveillance is treated more permissively. Recording video in places where a person has no reasonable expectation of privacy is generally lawful, with two practical caveats. First, posted notice is the industry standard for any commercial property and many lease agreements require it. Second, hidden cameras in places where privacy is expected (restrooms, locker rooms, fitting rooms, hotel guest rooms) are off-limits and can trigger separate criminal exposure under N.J.S.A. 2C:14-9, the New Jersey invasion-of-privacy statute.

Practical translation for a NJ commercial install. Cameras with audio capture should be deployed only where the operator can document one-party consent or post unambiguous notice that audio is being captured. Most multi-site retailers, manufacturers, and warehouses we work with default to video-only on the cameras and route audio capture through a separate documented intercom or voice-recording workflow.

Biometric data law

New Jersey does not have an enacted biometric information privacy law as of 2026. Bills modeled in part on the Illinois Biometric Information Privacy Act (740 ILCS 14) have been introduced in recent NJ legislative sessions, including proposals to require written consent before collection, retention schedules, and a private right of action. Operators should track NJ Senate and Assembly bill activity quarterly because the legislative posture has been moving in the direction of enactment.

That doesn't mean biometric capture is unregulated in NJ today. The federal FTC Act and the FTC Safeguards Rule (16 CFR Part 314) reach biometric data handling for many businesses. The NJ Identity Theft Protection Act (N.J.S.A. 56:8-161 et seq.) governs disclosure of personal information that includes biometric records in some contexts. NJ businesses using facial recognition or fingerprint access control should still document consent, retention, and access controls so they can answer to either state-level enactment or a federal investigation.

Privacy in the workplace

NJ has a specific workplace electronic monitoring statute, N.J.S.A. 34:6B-5, which requires employers to provide written notice before monitoring an employee's email, internet, telephone, or other electronic communications. The notice must be given before monitoring begins and the law applies to both private and certain public employers.

Pure video surveillance of common work areas falls outside the literal text of 34:6B-5, but most NJ employers issue a single workplace surveillance notice in the employee handbook that covers cameras, badge access, computer monitoring, and call recording together. That single-notice approach is cheaper than litigating the boundary between covered and uncovered electronic monitoring.

Cameras in employee-only spaces with a reasonable expectation of privacy (changing areas, lactation rooms, employee restrooms) are not allowed. Cameras in production lines, retail floor, loading dock, and warehouse aisles are routine when paired with notice.

Public-place and common-area cameras

For commercial real estate, multi-tenant residential, retail, and hospitality, the practical rule set is consistent. Cameras in lobbies, hallways, exterior, parking, retail floor, and other non-private common areas are lawful with posted notice. Cameras in bathrooms, fitting rooms, hotel guest rooms, and any other space where privacy is expected are off-limits.

Multi-tenant residential operators in NJ should also review the bylaws and lease covenants. Co-op and condo associations often have notice and access rules that go beyond state law. Hotel operators handle guest-room signage at the door and at the front desk and document any guest-area camera coverage in the property security plan.

Video retention requirements

NJ has no single statewide video retention statute that applies to all commercial cameras. Retention is set by the regime that governs the industry.

  • Cannabis. The NJ Cannabis Regulatory Commission (CRC) publishes camera coverage and retention rules for licensed retail and cultivation. Pull the current CRC published rules before designing the install.
  • Healthcare. HIPAA Security Rule (45 CFR Part 164) governs PHI-touching footage. Retention is typically 30 to 90 days at the facility, longer when an investigation is open.
  • Retail and hospitality with card data. PCI-DSS Requirement 9 specifies camera coverage of the cardholder data environment with 90-day retention.
  • Banking and finance. Federal banking regulators set their own surveillance and retention expectations through bank examination.
  • Federal contractors and grantees. NDAA Section 889 controls vendor selection. Retention is contractor-driven through the SSP or grant award terms.

Default retention for NJ commercial systems with no specific industry rule is 30 days. Operators in higher-risk industries set longer retention with explicit retention policies in the WISP or facility security plan.

Notable enforcement examples

NJ enforcement against businesses for camera and privacy issues typically runs through the Division of Consumer Affairs (DCA), the Office of the Attorney General, and federal agencies operating in NJ. The pattern is consistent across cases: enforcement starts with a consumer or employee complaint, moves to a request for the surveillance policy and retention configuration, and resolves on a documented control failure (camera in a private area, missing posted notice, undocumented retention, or unauthorized disclosure).

Federal HIPAA settlements have reached NJ-based defendants where physical safeguards (facility access control, camera coverage of PHI areas) were a documented part of the breach. PCI assessor findings have triggered card brand penalties at NJ retailers where camera coverage of the cardholder data environment was inadequate or retention was below 90 days. Real settlements are published on the NJ DCA settlements page and the HHS OCR HIPAA enforcement page.

What Tec-Tel does to comply with NJ regulations

Tec-Tel is headquartered in Morganville, NJ, and we install across the state for retail, manufacturing, healthcare, multi-tenant residential, and cannabis customers. The default install pattern for a NJ commercial site:

  • Video-only on cameras unless audio is documented with one-party consent or unambiguous posted notice.
  • Posted surveillance notice at every public entrance.
  • No cameras in restrooms, locker rooms, fitting rooms, hotel guest rooms, or other spaces with a reasonable expectation of privacy.
  • Retention configured to the regime that governs the industry (HIPAA, PCI, CRC, NDAA), with the facility's written retention policy attached to the install package.
  • NDAA Section 889-compliant vendor selection on any federal-touching install. No Hikvision, Dahua, Hytera, Huawei, ZTE, or covered OEM relabels.
  • Multi-vendor architecture so the customer is not locked into one camera or VMS line as state and federal rules evolve.

This is a buyer-facing reference, not legal advice. For a specific NJ regulatory question, work with your privacy counsel.

Security service in New Jersey

Tec-Tel deploys AI-era security across New Jersey with one accountable project manager owning design, install, and service to one standard. The cities below have local service detail, deal sizing, and a free consultation. Don't see yours? We cover the whole state.

Or browse the full city directory and nationwide coverage map.