This bill introduces Chapter 507-I to existing law, establishing comprehensive protections for personal information and outlining individuals' rights regarding the collection, retention, and use of their data. It defines key terms such as "personal information," "government entity," and "third-party providers of information and services." The legislation asserts that individuals have a reasonable expectation of privacy in their non-public personal information and prohibits third-party providers from disclosing such information without explicit consent, except in emergencies or as legally required. Consent requests must be clear and require affirmative action from individuals to opt-in.

Additionally, the bill allows for the disclosure of personal information to government entities under specific conditions, ensuring individuals are notified of such requests unless a court order or good cause exists to withhold notice. It establishes penalties for violations, empowering the attorney general to take civil action against offenders, while clarifying that no private right of action is created under this chapter. The bill also amends existing law regarding biometric data to incorporate references to the new chapter. The act is set to take effect on January 1, 2026, and its fiscal impact is indeterminable for state and local governments, with potential implications for judicial and correctional expenditures.

Statutes affected:
Introduced: 359-N:2
As Amended by the House: 359-N:2