How to create a privacy policy for your facebook page
Privacy Policy for Facebook Pages
Create a tailored Privacy Policy, Terms & more in under 5 minutes.
March 6, 2024, marked a significant moment in New Hampshire as Governor Chris Sununu officially enacted SB 255, thereby cementing the state’s position as the 15th to embrace a comprehensive privacy law. This pivotal legislation stands to empower New Hampshire residents with robust protections surrounding their personal data, while simultaneously placing stringent demands on businesses to safeguard these rights and ensure adherence to legal requirements. Personal data, encompassing information capable of identifying individuals, lies at the heart of this law.
The New Hampshire Privacy Law (SB 255) serves as a guidepost, elucidating the rights of New Hampshire consumers and delineating the regulatory framework for businesses obligated to comply with its provisions.
New Hampshire is poised to become the 14th state to enact a comprehensive privacy law, following New Jersey’s lead with the New Jersey Data Protection Act earlier this year. Currently, the Act is moving through the House, awaiting approval from the Senate, which appears likely given their support of a similar version. If the Senate gives the latest version the green light, it will head to the New Hampshire Governor’s desk for signing. If all goes according to plan, this new privacy law will take effect on January 1, 2025.
The New Hampshire Data Privacy Act mirrors Connecticut’s 2022 law, which drew inspiration from legislation in other states like Virginia, Colorado, and Utah. The bill aims to grant consumers broad rights concerning their privacy and control over personal data. Below, we’ll highlight some key points of the New Hampshire data privacy law.
While the U.S. Congress grapples with federal privacy legislation, the New Hampshire consumer protection bill is viewed favorably by privacy advocates as a step towards enhanced privacy protections. However, the Attorney General’s Office has raised concerns about implementation costs, which played a significant role in the committee’s decision to delay the bill’s progression in 2023. You can access the text of the law here.
SB 255 reaches out to businesses operating within New Hampshire, following specific guidelines. Entities handling personal data from a substantial consumer base or earning significant revenue from data sales fall under the scope of this legislation.
Applicability
SB 255 applies to individuals conducting business in New Hampshire (“NH”) or those who:
“produce products or services targeted to residents of” NH and, within a year:
SB 255’s protections extend to NH residents outside of commercial or employment settings, aligning with exemptions in most state privacy laws except California.
Exemptions & Exceptions
However, SB 255 includes exemptions. Government agencies, nonprofits, and educational institutions are not subject to this law. Certain data categories regulated by existing statutes, like HIPAA or the Fair Credit Reporting Act, are also exempt from SB 255’s provisions. New Hampshire Privacy Law (SB 255) does not apply to the following entities:
Controllers bear several responsibilities under New Hampshire law. A key obligation is to furnish a “reasonably accessible, clear, and meaningful privacy notice” meeting standards set by the secretary of state. This notice should cover:
This entails conducting due diligence to understand the personal information collected, processed, and maintained. Additionally, controllers must:
Controllers may need to conduct and document data protection assessments for processing sensitive data or profiling activities posing a heightened risk of harm to consumers.
New Hampshire Privacy Law (SB 255) grants consumers various rights concerning their privacy, such as the right to know if their personal data is being processed and to access, amend, or erase their personal information. Consumers can:
When consumers exercise these rights, controllers must respond promptly, within 45 days of receiving the request. If necessary, the controller may extend the response time by another 45 days. Consumers can appeal a controller’s decision within a reasonable time frame. Similar to the CCPA, controllers may authenticate requests to exercise these rights and are not obligated to comply if authentication fails, provided they inform the requesting party.
Businesses in New Hampshire must follow Privacy Law (SB 255) to protect consumer data and be transparent about how they use it. They must collect only necessary data, tell consumers why they collect it, and use it only for those reasons unless they get more consent. Businesses must also keep data safe and get explicit permission before using sensitive information. They must comply with COPPA when handling kids’ data and let consumers withdraw consent easily. Before using data for targeted ads or selling it, they need consumer consent. Consumers should have simple ways to exercise their data rights. Regular security checks are required to ensure compliance. Section 507-H:6 outlines specific duties for data controllers, emphasizing limited data collection, strong security, and consumer-focused consent.
Craft a Clear Privacy Policy
Creating a transparent and user-friendly Privacy Policy is crucial for complying with SB 255. Your policy should explain your data processing activities, reasons for collecting data, how consumers can exercise their rights, and any data sharing with third parties. To comply with New Hampshire Privacy Law (SB 255), your Privacy Policy should include:
Section 507-H:6 of New Hampshire Privacy Law (SB 255) outlines the required clauses for a Privacy Policy, including the types of personal data processed and reasons for processing.
Limit Data Collection
SB 255 requires businesses to only collect data necessary for disclosed purposes, following the principle of data minimization.
Enhance Data Security
Implement strong security measures, including physical, administrative, and technical safeguards, to protect collected personal data from breaches and unauthorized access.
Obtain Explicit Consent
Obtain prior consumer consent before processing sensitive data, conducting targeted advertising, or selling personal data. Utilize “I Agree” checkboxes to facilitate consent.
Respond Promptly to Consumer Requests
Address consumer requests regarding their personal data promptly, following specified response timelines and providing appeal avenues in case of disputes.
Conduct Data Protection Assessments
Certain data processing activities require thorough assessments to evaluate risks to consumer privacy, ensuring compliance with SB 255.
Keep Data Secure
Implement physical, administrative, and technical safeguards appropriate to the volume of personal data collected. Examples include firewalls, multi-factor authentication, staff training, and security systems.
Get Consent
Obtain consumer consent before processing sensitive data, engaging in targeted advertising, or selling personal data, as outlined in legal documents such as Terms and Conditions and Privacy Policy.
Enforcement of SB 255 lies with the attorney general, who ensures compliance. SB 255 does not allow private action and is enforced solely by the New Hampshire Attorney General. Additional funds have reportedly been allocated to support enforcement. The bill allows for a 60-day cure period for violations, with a one-year sunset period on broad right-to-cure provisions as of January 1, 2026. Violations may incur fines of up to $10,000 per violation under New Hampshire’s Regulation of Business Practices for Consumer Protection.
Senate Bill (SB) 255 represents a significant step forward for privacy regulation in New Hampshire. This legislation aims to protect personal data and empower consumers while imposing important obligations on businesses. SB 255 underscores the importance of transparency, accountability, and consumer rights in the digital era. From defining its scope to outlining responsibilities for data controllers and safeguarding consumer rights, SB 255 provides a comprehensive framework for privacy regulation. It emphasizes limiting data collection, enhancing security measures, obtaining consent, and promptly addressing consumer requests.
In essence, SB 255 reflects New Hampshire’s commitment to creating a trustworthy digital environment where privacy is respected. As businesses adapt to these regulations, it’s crucial to prioritize consumer privacy and uphold the principles outlined in SB 255.