This bill introduces Chapter 507-I to existing law, which establishes comprehensive protections for personal information and outlines individuals' rights regarding the collection, retention, and use of their personal data. It defines key terms such as "personal information," "government entity," and "third-party providers of information and services." The legislation asserts that individuals have a reasonable expectation of privacy in their non-public personal information and prohibits third-party providers from disclosing such information without explicit consent, except in specific circumstances like emergencies or legal obligations. Additionally, it mandates that consent requests must be clear and require an affirmative "opt-in" response from individuals.

The bill also specifies the conditions under which third-party providers may disclose personal information to government entities without consent, such as compliance with subpoenas or search warrants, and establishes penalties for violations, allowing the attorney general to pursue civil actions against offenders with potential monetary damages. It amends existing law regarding biometric data collection to ensure that the provisions of Chapter 507-I apply to biometric information as well. The act is set to take effect on January 1, 2026, and is expected to have indeterminable fiscal impacts on state and local governments, particularly concerning expenditures related to the judicial and correctional systems. The fiscal note indicates no expected revenue generation from this bill, while potential costs may arise from prosecution, incarceration, probation, and parole.

Statutes affected:
Introduced: 359-N:2
As Amended by the House: 359-N:2