Brad Close President | NFIB Hampshire
Brad Close President | NFIB Hampshire
The New Hampshire Attorney General’s Office has released guidance on the new consumer data privacy law effective January 1, 2025. This legislation, known as the New Hampshire Data Privacy Act (NHDPA), was signed into law by former Governor Sununu last year.
The NHDPA provides several rights to consumers concerning their personal data held by businesses. These rights include the ability to confirm if their data is being processed, correct inaccurate data, request data deletion, receive their data in a readable format, and opt out from certain data processing activities. Companies have up to 45 days to comply with these requests, which can be extended where necessary.
The act limits data collection to what is strictly necessary for its intended purpose and requires consumer consent for collecting additional or sensitive data. Businesses must also protect data confidentiality and give consumers the option to opt out of third-party processing. While businesses may deny some requests, an appeals process is defined, and complaints can be directed to the New Hampshire Attorney General.
Penalties for violations are set at up to $10,000 per incident, but the law does not allow individuals to file lawsuits as a remedy for grievances.
Entities subject to the NHDPA include those processing the data of 35,000 or more unique consumers or generating significant revenue from data sales. Shared aspects include defining controllers and processors, with distinctions on data control and handling methodologies.
The law exempts specific data categories, such as HIPAA-regulated data, clinical research data, and data compliant with various federal acts. Further exemption details can be found in NH RSA 507-H:3.
The full guidance and FAQs can be accessed through the New Hampshire Attorney General’s Office for consumers seeking detailed information.
ORGANIZATIONS IN THIS STORY
!RECEIVE ALERTS
Alerts Sign-up