Law: The Act relative to the expectation of privacy (the Act)

Regulator: New Hampshire Attorney General (AG)

Summary: The Act relative to the expectation of privacy (the Act) was signed into law by the Governor of New Hampshire on March 6, 2024. The Act will enter into force on January 1, 2025, and introduces obligations for data controllers and processors, including transparency obligations, such as the requirement to provide privacy notices and data security obligations, as well as a requirement to conduct data protection assessments in specific circumstances. The Act also contains provisions that govern controller and processor relationships as well as data subject rights, including the right to confirm whether a controller is processing a consumer's data, and the right of access, deletion, correction, and to opt out of certain processing. Furthermore, the Act provides the New Hampshire Attorney General (AG) with enforcement powers but does not provide a private right of action.

The New Hampshire Insurance Data Security Law under § 420-P:1 et seq. of Chapter 420-P of Title XXXVII on Insurance of the Revised Statute (the Insurance Data Security Law) which entered into force on January 1, 2020, requires insurance companies licensed in New Hampshire to implement data security programs and report cybersecurity incidents.

The New Hampshire Revised Statute §332-I:1 (1996 through Regular Sessions) requires health care providers and business associates to obtain authorization from individuals before using or disclosing their protected health information (PHI) for marketing purposes. Furthermore, operators of websites, online platforms, and applications targeting students and their families must create and maintain reasonable data security procedures to protect certain information about students.

You can follow legislative developments in the US through the USA State Law Tracker.