Industries Oppose Adding Opt-In for Data Disclosure to N.H. Privacy Law
Stick with the New Hampshire privacy law that took effect Jan. 1, industry lobbyists urged during a state House Judiciary Committee hearing Wednesday. The committee heard testimony on HB-195, which sponsor Rep. Bob Lynn (R) described as a supplement to the comprehensive New Hampshire Data Privacy Act (NHDPA). It’s “a very reasonable bill" that had bipartisan support last year, he said.
Sign up for a free preview to unlock the rest of this article
HB-195 is the same as a 2024 state bill that passed the House but stalled in the Senate. It deals only with information disclosure, not data acquisition, Lynn told the committee. Covered entities wouldn’t be able to disclose personal information without opt-in consent, unlike the NHDPA, which requires opt-out consent.
HB-195 specifies which industries are covered rather than applying to businesses more broadly like NHDPA does, he said. The bill covers ISPs and cellular and landline telephone companies; electric, water or other utilities; cable TV and streaming services; social media; email service providers; banks and financial institutions; insurance companies and credit card companies.
Some of the potentially covered industries railed against the bill at the hearing. State Farm thinks the bill "adds an unworkable overlay to the already complex landscape of privacy compliance for insurance companies,” said Nixon Peabody attorney Kierstan Schultz. State Farm prefers opt-out because it lowers compliance costs while still allowing individuals to decide how their data is used, she said.
"There could be regulatory conflicts and compliance burdens,” warned Ryan Hale, New Hampshire Bankers Association vice president of government relations. Banks already comply with multiple federal laws, including the Gramm-Leach-Bliley Act and Fair Credit Reporting Act, he said.
The NHDPA "was the solution to the problems that I believe this is intended to address,” said Chris Gilrein, TechNet executive director for the Northeast. HB-195 would be a major change for companies complying with the state’s comprehensive privacy law, he said.
Last year's privacy law addresses all the issues in HB-195 more thoroughly, said Andrew Kingman, counsel for State Privacy & Security Coalition, which represents various industries. “Companies spent the last year working to implement the law that's just been in here for two months,” said Kingman: The state should take a beat to see how NHDPA is working before significantly changing it.
The bill would “upend the careful balance” found in the privacy law that just came into effect and frustrate compliance efforts, said Maura Weston, lobbyist for the New England Connectivity and Telecommunications Association. Also, parts of HB-195 don’t align with NHDPA, including the bill’s broad definition of personal data that doesn’t differentiate between sensitive and non-sensitive data, she said.
While not supporting or opposing the bill, the New Hampshire attorney general’s office has concerns that HB-195’s enforcement section doesn’t provide for injunctions or subpoenas, said Assistant Attorney General Warren Cormack. In addition, it allows for much lower monetary penalties than the NHDPA, he said. Cormack said the AG’s “Consumer Protection Bureau would like to have the ability to stop harmful conduct through injunctions and seek meaningful penalties for violations of data privacy principles.”