Bill Text - HB1750 (2018)

Relative to an expectation of privacy in personal information.

Revision: Nov. 20, 2017, 8:52 a.m.

HB 1750-FN - AS INTRODUCED

 

 

2018 SESSION

18-2556

06/03

 

HOUSE BILL 1750-FN

 

AN ACT relative to an expectation of privacy in personal information.

 

SPONSORS: Rep. Kurk, Hills. 2

 

COMMITTEE: Judiciary

 

-----------------------------------------------------------------

 

ANALYSIS

 

This bill establishes an expectation of privacy in personal information.  This bill also prohibits the government from acquiring, retaining, or using personal information with certain specific exceptions.

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Explanation: Matter added to current law appears in bold italics.

Matter removed from current law appears [in brackets and struckthrough.]

Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.

18-2556

06/03

 

STATE OF NEW HAMPSHIRE

 

In the Year of Our Lord Two Thousand Eighteen

 

AN ACT relative to an expectation of privacy in personal information.

 

Be it Enacted by the Senate and House of Representatives in General Court convened:

 

1  New Chapter; Expectation of Privacy in Personal Information.  Amend RSA by inserting after chapter 507-G the following new chapter:

CHAPTER 507-H

EXPECTATION OF PRIVACY IN PERSONAL INFORMATION

507-H:1  Definitions: In this chapter:

I.  "Individual" means a living human being.

II.  "Government" means the federal government, the state government and any political subdivisions thereof, and state and municipal agencies and departments, including employees, agents, and contractors.

III.  "Information and service providers" means those persons who provide an individual with information and services, including cellular and land-line telephone service providers; Internet service providers; cable television providers; social media providers; email service providers; banks and financial institutions; insurance companies; and credit card companies, but excluding service providers regulated by the public utilities commission as defined in RSA 363:37, II.

IV.  "Persons" means individuals, partnerships, limited liability companies, corporations, and any other organizations, including for-profit and not-for-profit entities, but excluding government.

V.  "Personal information" means:

(a)  A person's name, date or place of birth, social security number, address, employment history, credit history, financial information, account numbers, cellular telephone numbers, voice over Internet protocol or landline telephone numbers, biometric identifiers, including fingerprints, facial photographs, or images, retinal scans, DNA/RNA, or other identifying data unique to that individual; or

(b)  One or more pieces of information that, when considered together or in the context of the information that is presented or gathered, are sufficient to identify a unique individual.

507-H:2  Expectation of Privacy.

I.  An individual shall have an expectation of privacy in personal information, the content of messages, and the history of usage of the information or service given or available to information and service providers with whom the individual has a contractual relationship.

II.(a)  No government shall acquire, collect, retain, or use the personal information described in paragraph I, directly or indirectly, related to individuals located in New Hampshire except:

(1)  With the express written consent of the individual, provided that such consent is not a condition for providing information or service.

(2)  With a warrant signed by a judge and based on probable cause or pursuant to a judicially-recognized exception to the warrant requirement.

(3)  In the case of the division of emergency services and communications, when handling emergency 911 telecommunications.

(b)  Subparagraph (a) shall not apply to personal information described in paragraph I if required by a government pursuant to state or federal law, provided that such information is requested of and supplied by an information and service provider for named individuals only or, in the case of employees and/or contractors of an information and service provider, for all of its employees and/or contractors.

(c)  Subparagraph (a) shall not apply to personal information described in paragraph I if the individual to whom it pertains (1) provides it to a government, but only for the purpose for which it is provided, including, but not limited to, credit card transactions and affinity programs, or (2) authorizes access to it by a government, but only for the purpose for which such access is granted.

III.  No government shall acquire, collect, or retain individually-identifiable social media data, including such data associated with Facebook and Twitter, whether password protected or encrypted or not, except:

(a)  With a warrant signed by a judge and based on probable cause, or pursuant to a judicially-recognized exception to the warrant requirement.

(b)  In connection with hiring an individual to work for a government.

(c)  If investigating misconduct on the part of employees or contractors of a government.

(d)  In an emergency involving severe bodily injury or significant damage to property.

(e)  If required by a government pursuant to state or federal law, provided that such social media data is for named individuals only.

(f)  If the individual to whom such social media data pertains (1) provides it to a government, but only for the purpose for which it is provided, including but not limited to credit card transactions and affinity programs, or (2) authorizes access to it by a government, but only for the purpose for which such access is granted.

(g)  Where there exists a reasonable suspicion that a named individual has committed a criminal act.

IV.  This chapter shall not apply to personal information acquired, collected, retained, or used by the judicial branch or by any state regulatory agency when such acquisition, collection, retention, or use is within the branch's or agency's adjudicatory or regulatory function.

507-H:3  Action Against a Corporation.  This chapter shall not be construed to create a cause of action against a corporation or its officers, employees, or agents for providing information to a government in accordance with the provisions of this chapter.

507-H:4  Federal Preemption.  If federal law preempts any provision of this chapter, that provision shall not apply to the federal government.

507-H:5  Construction.  This chapter shall be construed to provide the greatest possible protection of the privacy of the people of this state.

507-H:6  Penalties.  Any government agency, including the judicial branch, that uses an individual's personal information in violation of RSA 507-H:2 shall incur a fine of $10,000 for each such individual.

2  Effective Date.  This act shall take effect July 1, 2018.

 

LBAO

18-2556

11/16/17

 

HB 1750-FN- FISCAL NOTE

AS INTRODUCED

 

AN ACT relative to an expectation of privacy in personal information.

 

FISCAL IMPACT:      [ X ] State              [    ] County               [    ] Local              [    ] None

 

 

 

Estimated Increase / (Decrease)

STATE:

FY 2019

FY 2020

FY 2021

FY 2022

   Appropriation

$0

$0

$0

$0

   Revenue

Indeterminable

Indeterminable

Indeterminable

Indeterminable

   Expenditures

Indeterminable Increase

Indeterminable Increase

Indeterminable Increase

Indeterminable Increase

Funding Source:

  [ X ] General            [    ] Education            [ X ] Highway           [ X ] Other - Various Government Funds

 

 

 

 

 

METHODOLOGY:

This bill would enact chapter 507-H concerning the expectation of privacy in personal information.  

 

The Judicial Branch identified two provisions in  this bill which could have a fiscal impact on the Branch.  

  • Proposed RSA 507-H:2, II(a) and III(a) would require a search warrant for a government to obtain personal information.  The Branch has no information on which to estimate how many additional warrant would be sought, but does have information on the cost of processing warrants in the trial court.  Warrants can be obtained from both the circuit court and the superior court. The estimated cost of an average warrant in the circuit court will be $72 in FY 2019 and $73 in FY 2020.  The estimated cost of a warrant request in the superior court is $279 in FY 2019 and $284 in FY 2020.
  • Regarding the penalty section of the bill, proposed RSA 507-H:6 does not provide for enforcement of the $10,000 fines against any government that uses an individual’s personal information in violation of the chapter.  The type of proceeding in the superior court most alike these civil actions would be a complex civil case.  The Branch has no information on how many actions for imposition of the civil fines would be filed in the superior court but indicates the cost of an average complex civil case in the superior court will be $737 in FY 2019 and $745 in FY 2020.

The Department of Justice states it is not clear if the intent of the bill is to create a civil cause of action allowing individuals to sue or if enforcement by a government authority would be required. If a civil cause of action is created, the Department of Justice would have to defend any state agency, board, commission or employee who might be sued.  The Department cannot estimate how many such lawsuits might result from passage of the bill.  If the Department were to be responsible for enforcement, a straightforward enforcement action without significant constitutional issues would require between 70 and 100 hours of an attorney’s time.  The Department has no basis upon which to estimate the number of possible enforcement actions.  Finally, the Department would provide legal counsel to state boards, agencies and commissions regarding the limitation imposed by the bill.  The Department could provide such counsel within its current budget.

 

The Department of Administrative Services indicates the fiscal impact of this bill to the State is indeterminable.  The bill would prohibit the submission of personal information by the Employee and Retiree Health Plan (HBP) to the federal government to obtain Employer Group Waiver Plan (EGWP) subsidies without the express written consent from each member for each type of information exchange.  In CY 2016, the EGWP subsidies provided $4.5 million in revenue to the Retiree Health Benefit Plan.  The Department states the requirement to obtain express written consent would impose an extreme administrative burden which could jeopardize the subsidy.  The penalty provision provides for a $10,000 per individual whose information is wrongly used.  The Department states there are more the 36,000 members in the HBP and the Department assumes it could be subject to fines.  The number of HBP members who would provide written consent is unknown.  If members do not provide consent, the HBP could face significant fines if it submits data to the federal government.  If the data is not provided there is a risk of losing the $4.5 million federal subsidy.  Two additional staff and resources would be needed develop a process to obtain written consent from plan members and to administer a plan for members who do not consent.  

 

The New Hampshire Municipal Association indicates this bill is unlikely to have an impact on municipal revenues and expenditures.

 

The New Hampshire Association of Counties determined this bill would have no fiscal impact on the counties.

 

AGENCIES CONTACTED:

Judicial Branch, Departments of Administrative Services and Justice, New Hampshire Municipal Association and New Hampshire Association of Counties