This bill introduces Chapter 507-I to existing law, which establishes comprehensive protections for personal information and outlines individuals' rights concerning the collection, retention, and use of their personal data. It defines essential terms such as "personal information," "government entity," and "third-party providers of information and services." The legislation emphasizes that individuals have a reasonable expectation of privacy regarding their non-public personal information and prohibits third-party providers from disclosing such information without explicit consent, except in specific situations like emergencies or legal obligations.

Furthermore, the bill amends RSA 359-N:2, I(c) to allow the collection, retention, or provision of biometric data only as specified in this new chapter or in RSA 507-I. It establishes penalties for violations, including civil actions by the attorney general, while clarifying that no private right of action is created under this chapter. The bill is set to take effect on January 1, 2026, and its fiscal impact is deemed indeterminable for state and local governments, with potential implications for judicial and correctional expenditures due to changes in criminal penalties and statutes. Various agencies, including the Judicial Branch and the Department of Justice, have been consulted regarding the bill's implications.

Statutes affected:
Introduced: 359-N:2
As Amended by the House: 359-N:2