Revision: March 17, 2025, 12:59 p.m.
Rep. Lynn, Rock. 17
March 10, 2025
2025-0929h
05/08
Amendment to HB 522-FN
Amend the bill by replacing all after the enacting clause with the following:
1 New Chapter; Expectation of Privacy. Amend RSA by inserting after chapter 507-H the following new chapter:
CHAPTER 507-I
EXPECTATION OF PRIVACY
507-I:1 Definitions. In this chapter:
I. “Available to the public” means personal information about an individual which is widely known or readily available to the public and in which that individual therefore could not have a reasonable expectation of privacy.
II. “Government entity” means municipal, county state or federal department, agency board, commission, or employee, elected official, or contractor. “Government entity” shall not apply to a federal government agency to the extent that federal statute preempts such application.
III. “Personal information” means an individual’s name, date or place of birth; social
security number; address; employment history; credit history; financial and other account numbers; cellular telephone numbers; voice over Internet protocol or landline telephone numbers; location information; biometric identifiers including fingerprints, facial photographs or images, retinal scans, genetic profiles, and DNA/RNA data; or other identifying data unique to that individual.
IV. “Third party providers of information and services” means individuals or organizations that collect personal information about an individual in connection with providing the following kinds of services to that individual: cellular and land-line telephone, electric, water, or other utilities; Internet service providers; cable television; streaming services; social media services; email service providers; banks and financial institutions; insurance companies; and credit card companies.
507-I:2 Expectation of Privacy in Personal Information.
I. With respect to a government entity, an individual shall have a reasonable expectation of privacy in personal information, including content and usage, given or available to third-party providers of information and services, and not available to the public.
II. Unless specifically authorized by statute, no government entity shall, acquire, collect, retain, or use any personal information of any individual residing in New Hampshire from any third-party provider.
III. Paragraph II shall not apply to:
(a) Personal information acquired, collected, retained, or used by a government entity when such acquisition, collection, retention, or use is for a purpose within the scope of the entity's investigative, law enforcement, regulatory, administrative, or adjudicatory authority.
(b) Personal information sought or obtained pursuant to a subpoena duly issued by a government entity acting within its investigative, law enforcement, regulatory, administrative or adjudicatory authority, by a duly empaneled grand jury, or by a court.
(c) Personal information sought or obtained pursuant to a duly issued search warrant or pursuant to a judicially recognized exception to the requirement for a search warrant.
(d) Personal information sought by the division of emergency services and communications for purposes of responding to or assisting with emergency 911 communications.
(e) An emergency, where the immediate danger of death or serious physical injury to an individual or substantial loss or destruction of property requires the disclosure, without delay, of personal information concerning a specific individual, telephone number, username, or other unique identifier, and where judicial process cannot be obtained in time to prevent the identified danger.
(f) Personal information relating to an individual who has authorized the government entity to access such information, but only for the purpose for which such access was granted.
(g) Other circumstances where the acquisition, collection, retention, or use of personal information by a government entity is authorized by law.
IV. Any person who knowingly violates the provisions of this section shall be guilty of a misdemeanor.
V. A person who is aggrieved by a violation of this chapter shall be entitled to recover the greater of actual damages or $1,000 from the government entity responsible for each such violation and an award of costs and reasonable attorney fees.
507-I:3 Action Against a Nongovernment Entity. This chapter shall not be construed to create a cause of action against a nongovernment entity for providing information to a government entity.
507-I:4 Federal Preemption. If federal law preempts any provision of this chapter, that provision shall not apply.
2 Regulation of Biometric Information; Collection of Biometric Data Prohibited. Amend RSA 359-N:2, I(c) to read as follows:
(c) Obtain, retain, or provide any individual's biometric data except as set forth in this chapter or in RSA 507-I.
3 Effective Date. This act shall take effect on January 1, 2026.