Ali Jessani, Kirk Nahra, and Genesis Ruano of Wilmer Hale write:
On January 4, 2023, the New Hampshire House of Representatives passed Senate Bill 255 (the “Act”) with amendments, setting the stage for New Hampshire to become the latest state with a comprehensive privacy law. The Act will now move on to the House and awaits Senate concurrence (the Senate already has passed a mostly similar version, so concurrence is expected). Assuming the Senate passes the latest version of the bill, it will then move to the New Hampshire Governor’s desk for signature. If enacted, the new privacy law would go into effect on January 1, 2025.
Assuming the Act makes it through the remaining legislative process, New Hampshire will become the first state in 2024 to pass “comprehensive” privacy legislation (joining California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia), though there is a chance that New Jersey beats it to the punch. Overall, the bill does not impose any new obligations on businesses that did not previously exist under other laws. Additionally, and like most of the other state laws, the Act is only enforceable by the state attorney general and provides a discretionary 60-day cure period for compliance violations. Despite its similarities to other laws, the Act adds to the complexity of the state privacy law landscape and demonstrates the need for companies to continuously reevaluate their privacy compliance programs to ensure compliance across rapidly evolving state laws.
In this post, we highlight key takeaways and provisions from the Act.
Read more at JDSupra.
In related news, “The New Jersey Senate and Assembly passed consumer privacy bill S332/A1971. The bill now goes to Governor Phil Murphy for his signature. If signed, the law will become the 13th state to pass a broadly applicable privacy bill.” Read more by Mark Brennan, Sophie Baum, and Harsimar Dhanoa at Hogan Lovells.