close
close
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
header image

New Hampshire

New Hampshire Senate Bill 255 (NHPA)

Passed March 6, 2024
Effective Date January 1, 2025
Who it applies to

Businesses that (1) control or process personal data of 35,000 or more unique consumers; or (2) controls or processes the personal data of 10,000 or more unique consumers and derives more than 25% of its revenue from the sale of personal data. Exempt entities include government agencies, nonprofits, as well as financial institutions subject to the Gramm-Leach-Bliley Act (GLBA).

Penalties Up to $10,000 per violation.

What’s notable about it:

New Hampshire’s privacy law has undergone significant changes since its initial drafting, resulting in a distinct approach compared to other state privacy laws.

Originally, the law empowered the Secretary of State to issue regulations for privacy policies and consumer rights, which would have allowed for more flexible updates to compliance requirements. However, a key amendment in August removed this regulatory authority. Now, businesses must comply with the law’s requirements without waiting for additional instructions or rules from the state. This change simplifies the implementation process but also places greater responsibility on businesses to interpret and comply with the law as written.

Although the law doesn’t introduce significant new concepts, it follows a trend seen in other states by requiring a universal opt-out mechanism, giving consumers more control over their data. This aligns with laws in states like California and Colorado, where consumers can opt out of data sales and targeted advertising across multiple platforms.

The Strict Spectrum

Least Strict
Less Strict
Moderately Strict
More Strict
Most Strict