Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back

Privacy Laws and Rights: New Hampshire Doesn’t Have One Yet, But Businesses Should Be Prepared

Written by: John Weaver

Published in NH Business Review (August 1, 2021)

Throughout their short history, privacy regulations have caused a stir among the organizations they govern.

When the European Union’s privacy law, the General Data Protection Regulation (GDPR), was adopted in 2016, many businesses that operate between the United States and Europe worried how the stricter data requirements would impact their organizations. When the California Consumer Privacy Act (CCPA) was adopted in 2018, many companies that manage Californians’ personal data had to re-evaluate their operations. But something funny has begun to happen. When Virginia adopted its Consumer Data Protection Act earlier this year, there was little hand wringing. More recently, the passage of the Colorado Privacy Act was met largely by indifference. The trend these laws suggest is clear: navigating the requirements of privacy laws is becoming standard operating procedure for businesses, as their leaders expect more states to adopt similar laws.

Although the New Hampshire legislature has considered privacy legislation similar to the California Consumer Privacy Act, the state has not adopted a comparable law. However, given the General Court’s previous consideration of the legislation, the development of privacy rights in other states, and consumers’ shifting expectations, New Hampshire business leaders should expect, and prepare their organizations for, the creation of privacy rights and obligations.

Scope of Privacy Laws

The “personal information” governed by privacy laws is intended to be broad. The CCPA’s definition of personal information is representative of most: “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular” person. If that sounds like it could be almost any information about a person, you are starting to grasp the scope of privacy laws. Businesses should adjust their operations to consider the personal information they collect from employees, consumers, potential consumers, employees of vendors and customers, and anyone else that interacts with the business.

Disclosure Requirements

Privacy laws typically require organizations to maintain a privacy notice or policy that satisfies defined standards of accessibility and states specific information. Businesses need to present the policy to individuals when personal information is collected or before. The specific disclosures required in policies vary a little by jurisdiction, but in general, a privacy notice must state the personal information collected, how the organization uses that information, the third parties that receive the personal information from the organization, and how long the organization will retain the personal information. You must understand how your organization collects and uses personal information in order to prepare an appropriate and accurate privacy policy.

Privacy Rights

Privacy rights are the specific requests that individuals can make to organizations that collect and maintain their personal information and that those organizations must honor. They include:

  • The right to deletion, permitting a person to request that a business delete all personal information it has about the person;
  • The right to correction, permitting a person to request that a business correct his or her personal information;
  • The right to data portability, permitting a person to request that a business provide a copy of all personal information in the possession of the business; and
  • The right to opt-out, permitting a person to request that a business stop selling or using that person’s personal information.

 

Privacy laws like the GDPR and CCPA create privacy rights and obligate the organizations governed by those laws to enforce the rights upon request. Businesses need to review carefully their data collection and maintenance operations to ensure that they are capable of acting upon those requests. For example, if a consumer asked your organization to delete every piece of their personal information in your system, could you do that? Every email containing their address or preferences? Every application or survey? When you start to consider how broadly privacy laws define personal information, the need to create administrative, physical and technological systems capable of sorting and responding to privacy rights requests becomes apparent.

In addition to the rights and obligations above, privacy laws also address other topics like children’s data, non-discrimination following the exercise of privacy rights, and heightened care for sensitive personal information like health data and data about an individual’s ethnic background. New Hampshire businesses that have not begun to consider how privacy laws will affect their operations should begin doing so soon, as it is only a matter of time before they will need to, and complying becomes harder the longer you wait.

Integrity and trust

At McLane Middleton we establish and maintain long-standing relationships with our clients to help us better achieve their unique goals over time. This approach to building trust requires that our esteemed lawyers and professionals use their broad, in-depth knowledge and work together with integrity to ascertain sound resolutions to legal matters for their clients.

Strength in numbers

McLane Middleton is made up of more than 105 attorneys who represent a broad range of clients throughout the region, delivering customized solutions. As a firm we are recognized as having the highest legal ability rating. The firm is rated Preeminent by Martindale Hubbell and is recognized as one of the nation's leading law firms in Chambers USA. Our attorneys are distinguished leaders in their respective practice areas.

Meet Our People

Commitment and collaboration

McLane Middleton's versatile group of attorneys and paralegals become trusted authorities on each case through collaboration. We work with our clients to learn their individual needs first and foremost and, together, we develop comprehensive solutions to their specific legal matters. This approach helps us exceed our clients' expectations efficiently and effectively, client by client, case by case.

Practice Areas

A history of excellence

McLane Middleton was established in 1919 in New Hampshire, and has five offices across two states. However, deep historical roots don't allow you to become innate. Our firm is organized, technological, and knowledgeable. Our history means we are recognized. But our reputation is built on the highest quality of service and experience in very specific areas of law.

The Firm

Intelligence paired with action

Our team continuously seeks opportunities to enhance their professional development and put key learnings to action. The pursuit of further insight guides us to volunteer service opportunities, speaking engagements, and teaching roles. Our lawyers are sought after thought leaders across their industries, and recipients of leadership awards throughout the region.