This bill introduces Chapter 507-I to existing law, which establishes comprehensive protections for the collection, retention, and use of personal information. It defines essential terms such as "personal information," "government entity," and "third-party providers of information and services." The legislation emphasizes that individuals have a reasonable expectation of privacy regarding their personal information held by third-party providers, which cannot be disclosed without explicit consent, except in specific situations like emergencies or legal obligations. Additionally, it requires that consent requests be clear and necessitate affirmative action from individuals to opt-in.

The bill also specifies the conditions under which third-party providers may disclose personal information to government entities without consent, such as compliance with subpoenas or search warrants. It establishes penalties for violations, empowering the attorney general to pursue civil actions against offenders, which may include monetary damages. Furthermore, it amends existing laws concerning biometric data collection to ensure that the provisions of Chapter 507-I apply to such data as well. The act is set to take effect on January 1, 2026, and while the fiscal impact on state and local governments is indeterminable, there may be implications for expenditures related to the judicial and correctional systems due to changes in criminal penalties.

Statutes affected:
Introduced: 359-N:2
As Amended by the House: 359-N:2