N.H. House Rep Hopes for 'Different' Result This Year on Privacy Law Supplement in Senate
A Democrat and a Republican testified together at a hearing Tuesday in support of an opt-in bill meant to enhance New Hampshire’s comprehensive privacy law. The state’s Senate Judiciary Committee heard testimony on HB-195, which passed the House on a bipartisan basis March 26 despite industry arguments that supplementing the state’s comprehensive privacy law is unnecessary (see 2503270021). The committee also considered a House-passed government privacy bill (HB-522).
Sign up for a free preview to unlock the rest of this article
The New Hampshire Data Privacy Act (NHDPA) took effect about three months ago. If HB-195 were to become law, some organizations would be barred from disclosing personal information without opt-in consent. That’s unlike current law under the NHDPA, which requires opt-out consent except for sensitive data.
Last year, the House also passed a bill like HB-195, but it stalled in the Senate. Bill sponsor Rep. Bob Lynn (R) told the Judiciary panel Tuesday that he is hoping for a “different outcome” in the Senate this year.
"We should not have to be wasting any time on these bills,” said Rep. Marjorie Smith, a Democratic co-sponsor of HB-195. The federal government should "have acted by now to set up national standards that were clear to everyone -- both the people who want to protect privacy, and those people who want to find out as much as they can about you. But the federal government has not acted, and that's why we are here."
Smith urged senators not to be persuaded by lobbying that says New Hampshire shouldn’t deviate from other states with privacy laws. She noted that a recent Consumer Reports study found many companies don’t consistently comply with state privacy laws (see 2504020065).
The bill is meant to supplement the NHDPA, dealing only with information disclosure, not data acquisition, emphasized Lynn, who chairs the House counterpart of the Judiciary Committee.
Also, he said that the bill aims to apply opt-in protection to a smaller group than those covered under NHDPA -- "service providers that typically collect a lot of personal information,” including credit card and insurance companies. The opt-in question must be presented as a "separate request," not "buried ... on the computer screen down in the corner,” he added. In addition, Lynn noted that the bill has exemptions that allow for disclosure for “legitimate” purposes.
However, Judiciary Committee Chairman Bill Gannon (R) asked if the federal Gramm-Leach Bliley Act makes HB-195 unnecessary. Lynn replied that there is “not anywhere near a complete overlap.” But Gannon asked if the existence of any overlap would cost businesses money.
Since HB-195 would authorize enforcement only by the state attorney general, committee Vice Chairman Daryl Abbas (D) asked if there had been any discussion of including a private right of action (PRA).
As Smith laughed, Lynn responded: “Yes, there was an extensive discussion about that." House lawmakers decided to put a PRA instead in the government privacy bill (HB-522), so that individuals could sue the state, he said. Lynn said he didn’t support allowing the same against businesses.
Smith said she strongly favored including a PRA in the private sector bill initially. "It was only after weighing the specifics in this legislation and” the separate government privacy bill “that I began to focus on the difference between the adversary ... being a private corporation versus the adversary being the state." While meant to be independent, the state AG could be put in a difficult position if it had to enforce possible privacy violations by the government, she said.
HB-195 opponents, including the State Privacy & Security Coalition (SPSC) and New England Connectivity and Telecommunications Association, largely echoed testimony they gave to a House committee last month (see 2503050038). Meanwhile, the attorney general’s office, officially neutral on the bill, repeated its criticism that the bill doesn’t include high enough penalties.
The NHDPA already "extensively regulates the disclosure of data from one company to another,” said SPSC counsel Andrew Kingman: "This is all very clearly and rigorously spelled out in the comprehensive bill, so trying to add separate requirements with separate terms that only apply to some types of companies and some types of data in a very different way really just is hard to square" with the existing law. The bill’s opt-in requirement could clash with the NHDPA’s support for universal opt-out mechanisms, he added.
Later in the hearing, Rep. Keith Erf (R) urged the committee to approve his government privacy bill, HB-522. "I believe we in the legislature need to take seriously our responsibility to clarify in statute what our constitutional right to privacy means with respect to the government collection or storage of information of our residents,” said Erf. “We live in a world where individual privacy is being continually eroded.”
Lynn supported HB-522. "The purpose of this bill is to not in any way to prevent government from engaging in any of the legitimate activities that it engages in now, but to prevent government from engaging in, for lack of a better term, illegitimate activities,” the representative said.
“I have no information suggesting that any of the agencies of government are, you know, engaging in any nefarious collection of information." But, added Lynn, “Better safe than sorry.”