How a law meant to protect public workers may have created a lawsuit gold mine
New Jersey lawmakers acted swiftly when a man with a grudge shot and killed a federal judge’s son in a targeted attack at home: They passed a set of protections shielding judges’ personal information from public disclosure, and the measure was immediately hailed as a model for the nation.
But state legislators in Trenton weren’t finished. In the months that followed, they amended what’s called Daniel’s Law, expanding the measure to cover thousands of other state and local workers in New Jersey. In doing so, the lawmakers created a new frontier in data privacy — and a potential cottage industry for a tech startup.
That startup, Atlas Data Privacy, filed more than 130 lawsuits in February against data broker companies on behalf of thousands of police officers. And there are potentially many more to come. Under the lawsuits, the data brokers could be liable for tens of millions of dollars in penalties.
The changes to Daniel’s Law were made last summer, but they are particularly resonant after former President Donald Trump publicly attacked the children and family members of judges overseeing his various civil and criminal trials, as well as prosecutors and grand jurors.
The law makes New Jersey a test case for how to enforce a raft of data privacy measures that have popped up in recent years both federally and in many states, intended to hide the personal identifying information, like addresses and phone numbers, of cops, judges, prosecutors and some other protected groups. But critics see New Jersey’s expanded law as a money grab for lawyers, tech entrepreneurs and venture capitalists seeking to take companies to court.
“Companies in the business of disclosing this protected information have avoided accountability for far too long,” read the nearly-identical complaints filed in state Superior Court in several New Jersey counties, “without sufficient regard for the risks and consequences imposed upon individuals who serve critical judicial and law enforcement roles.”
New Jersey has established an Office of Information Privacy that runs a portal for people covered under the law to have their information redacted from public government records, but not private companies that gather data from them. With the new law, the state chose to privatize much of the enforcement of Daniel’s Law.
Backers of the law said it streamlines a way for cops, judges and others to avoid bureaucratic headaches and hours of work in trying to get their personal information removed from the web. The killing of the judge’s son in New Jersey seemed to spark a movement, and now most states have laws protecting information for public employees, mostly for judges, according to the Journal of Civic Information.
But the data broker industry has begun a lobbying push in New Jersey to roll back the new law, POLITICO reported earlier this month.
Atlas, in a statement, said the company is working in response to “countless horror stories of judges and law enforcement officials and their families being terrorized as a result of criminals having access to their personal information on-line.”
The company said its work is not designed to make money. It charges clients an annual subscription fee that covers “a portion of our operational costs” and that 65 percent of the penalty it wins in court goes to the plaintiff. The company said it will donate the majority of what’s left after legal costs to nonprofits that support law enforcement members and their families.
Daniel’s Law was first passed in New Jersey in 2020 in response to the murder of Daniel Anderl and the wounding of his father, Mark, at their home by a gunman who had a grudge against his mother, U.S. District Court Judge Esther Salas. It gives private companies 10 days to remove certain personal information following a request.
In July 2023, Gov. Phil Murphy, a Democrat, signed a change to the law that passed without opposition. It added child protective investigators to the list of people eligible to have information redacted from government documents and products provided by private services like data brokers.
A few dozen words added to the bill led to the raft of lawsuits. There were two key changes: One eliminated a judge’s discretion in deciding whether a company found to have violated Daniel’s Law should pay a $1,000 fine, instead making it mandatory. The other, notably, allows people covered under Daniel’s Law to designate an “assignee” to file the lawsuit on their behalf.
Atlas Data Privacy, which first registered in Delaware in 2021 and in New Jersey in January of 2024, had lobbied on the bill through attorney Raj Parikh, who’s now representing it in lawsuits, according to regulatory filings with the state Election Law Enforcement Commission.
Parikh said in a statement that he held “discussions with different government agencies, impacted individuals and relevant stakeholders in order to ensure the law was working as best it can for those it is meant to protect” and “reported lobbying work for Atlas related to Daniel’s Law out of an abundance of caution given a few brief discussions regarding government process and procedures.”
The group was funded in part with seed money from four venture capital firms, according to the industry data collection site Pitchbook.com, including one run by Tom Kemp, who has pushed privacy laws in his native California.
Atlas pitched its services to several police unions, offering members a one-stop shop to get their data removed from online data brokerages, which scrape public information for data and often sell it. The company, according to its lawsuits, recommended which services police officers and their families could reach out to and provided them with a template and even an email address with which to contact the services.
According to Atlas’ lawsuits, the company tracks over 1,000 data brokers and recommended specific ones to cops to send takedown notices “in order to make the selection process easier and more efficient.” The company then provided the template for the takedown notice, which the user sent through the company-provided email.
Through this arrangement, Atlas would become the assignee for about 19,000 officers, according to its lawsuits.
“It was an easy, inexpensive lift for us. We made it part of our legal protection plan. And we discovered a lot of companies don’t want to comply with the law, including, shockingly, LexisNexis who have some huge state contracts,” said New Jersey State Policemen's Benevolent Association President Pat Colligan, who’s also one of a handful of named plaintiffs in the lawsuits “They’re more interested in their bottom line than in the safety of some prosecutors and cops.”
The lawsuits present harrowing stories of police officers or their families being stalked and harassed by people who found their addresses online. One plaintiff — Justyna Maloney, a police officer in Rahway who’s married to Scott Maloney, a sergeant — claims to have been subject to threats and harassment after a YouTuber posted an interaction with her online. The video had web links to data broker websites disclosing their home address and home telephone numbers, “resulting in dozens of threatening phone calls and text messages.”
The lawsuit says Scott Maloney then received text messages extorting him for money and threatening that he would “pay in blood” if he didn’t comply, followed by video of three masked people repeating the demand. Several weeks later, according to the lawsuit, police arrested two armed men in ski masks who had been videotaped driving around the Maloneys’ home while Justyna and their two children were inside.
If each of the 19,000-plus plaintiffs in lawsuits proved just one violation, companies would be on the hook for at least $19 million. Atlas said it would be “purely speculative” to put a figure on how much “multi-billion-dollar companies might have to provide as a result of being found negligent in their compliance of Daniel's Law.”
Colligan said that the union paid for the service through its legal fund, though he declined to say how much it cost. He said that his union members had struggled to get their data taken offline before the law, but that compliance has been better thanks to the private right of action.
Colligan also accused LexisNexis of freezing union members’ credit when they asked to have their information taken down. “We didn’t ask for it. We just asked to remove our information from the files,” he said.
Jennifer Richman, a spokesperson for LexisNexis, said Atlas sent her company over 40,000 email requests between Dec. 30 and Jan. 3.
“The requests were presented in a haphazard fashion, with personal information about individuals included in multiple emails that needed to be matched with one another. We began working immediately on the unprecedented volume of requests,” Richman said.
Richman added that the company “remains committed to protecting law enforcement officers, judges, victims of domestic violence and others at risk of potential harm” and will “work diligently to honor all requests related to personal information.”
Richman said that for credit reports, Daniel’s Law “fails to contemplate downstream uses” of residential addresses and phone numbers “such as consumer and financial transactions.”
The data brokers have an ally in the Nonprofit Alliance, whose member organizations often use data brokers for donor lists.
The group in a legislative update to its members said Atlas flooded data brokers with tens of thousands of requests at once, making it virtually impossible to respond in the 10-day time frame.
Shannon McCracken, CEO of the Nonprofit Alliance, said Daniel’s Law came about “with good intent and from a tragic history.”
“But [Atlas] saw a possibility with the way the law was drafted and subsequently updated to have this sort of gotcha moment to make life more difficult for data brokers, and downstream to nonprofits who rely on data brokers for their fundraising,” she said.
State Sen. Joe Cryan, the bill’s sponsor, said creating an industry to enforce Daniel’s Law was no accident, calling data brokers “ghoulish.”
“I don’t know [Atlas], but if not them, somebody else could get in the market. It’s America,” Cryan said. “Just do the right thing here and protect the privacy of people that deserve it.”
