New Hampshire Privacy Law Overview
New Hampshire's privacy law took effect January 1, 2025. It follows the mainstream multistate model with full consumer rights and opt-in sensitive-data consent, but its low 35,000-resident threshold means many smaller businesses serving New Hampshire are covered.
The New Hampshire Privacy Act (NHPA)
New Hampshire's law provides comprehensive access, correction, deletion, portability and opt-out rights with opt-in consent for sensitive data. Its relatively low thresholds bring many mid-sized businesses into scope, and the Secretary of State was directed to adopt rules on the form of privacy notices.
NHPA: Quick Overview
- Effective Date: January 1, 2025
- Citation: N.H. Rev. Stat. Ann. ch. 507-H
- Enforced By: New Hampshire Attorney General
- Maximum Penalty: Up to $10,000 per violation
- Private Right of Action: No (enforcement by the state only)
- Right to Cure: 60 days (expired January 1, 2026)
Who Must Comply
The NHPA applies to businesses that meet New Hampshire's applicability thresholds:
- Controls or processes the personal data of 35,000+ New Hampshire residents per year, or
- Processes data of 10,000+ residents and derives more than 25% of gross revenue from selling personal data
Consumer Rights Under the NHPA
New Hampshire residents can exercise the following rights over their personal data:
- Right to access / confirm what data is held
- Right to correct inaccurate data
- Right to delete personal data
- Right to data portability
- Right to opt out of targeted advertising
- Right to opt out of the sale of personal data
- Right to opt out of profiling for significant decisions
Sensitive personal data: Businesses must obtain opt-in consent before processing sensitive data (such as health, biometric, precise-geolocation, or demographic data).
Data Breach Notification in New Hampshire
New Hampshire requires notice to affected residents without unreasonable delay and to the Attorney General for breaches involving state residents.
- Deadline to notify residents: Without unreasonable delay following discovery
- Attorney General notice: Notify the New Hampshire Attorney General for breaches affecting residents
- Covered data: Name combined with sensitive identifiers (SSN, driver's license, financial-account or medical information, and more)
Federal Privacy Laws That Apply in New Hampshire
Even where New Hampshire law is silent, residents and businesses are covered by federal privacy statutes:
- HIPAA — health information held by providers, plans and their vendors
- GLBA — privacy and safeguards rules for financial institutions
- FERPA — student education records
- FCRA — consumer reporting agencies and background screening
- COPPA — online collection of data from children under 13
- FTC Act §5 — unfair or deceptive privacy and data-security practices
New Hampshire Privacy Law FAQ
What are New Hampshire's privacy-law thresholds?
Does New Hampshire require opt-in consent for sensitive data?
How a New Hampshire Privacy Attorney Can Help
For Businesses
- Build and audit a privacy compliance program
- Draft privacy policies, notices and vendor contracts
- Respond to consumer rights requests
- Manage data-breach response and notification
- Defend regulatory investigations and enforcement
For Consumers
- Enforce your privacy rights against non-compliant businesses
- Pursue or join data-breach litigation
- File complaints with the New Hampshire Attorney General
- Seek damages for identity theft and fraud
- Stop unlawful data sales and unwanted marketing
Need a New Hampshire Privacy Attorney?
Whether you are a business working toward compliance or a New Hampshire resident whose privacy has been violated, our network of New Hampshire-licensed attorneys can help.
Find a New Hampshire Privacy Attorney