{"id":4968,"date":"2024-03-14T11:23:00","date_gmt":"2024-03-14T17:23:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&#038;p=4968"},"modified":"2025-03-05T10:48:33","modified_gmt":"2025-03-05T16:48:33","slug":"new-hampshire-consumer-expectation-of-privacy-act","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/","title":{"rendered":"New Hampshire Consumer Expectation of Privacy Act"},"content":{"rendered":"\t\t<section id=\"block_3dd687c60e1a23d7a613a24726248075\" class=\"resource-intro intro-simple\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<strong class=\"sub-title block uppercase\">article<\/strong>\n\t\t\t\t\t\t\t\t\t\t<h1>Background Brief: New Hampshire Consumer Expectation of Privacy Act<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t<section id=\"block_2e45859206a74d31d5b18738f9bf7f17\" class=\"columns-content\">\n\t\t<div class=\"container\">\n\t\t\t<div class=\"left\">\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"middle\">\n\t\t\t\t<div class=\"content\">\n\t\t\t\t\t<h2>Are you New HampSURE you&#8217;re ready for the new NH Privacy Act?<\/h2>\n<p>New Hampshire became the 14th state to enact a comprehensive consumer privacy law when Governor Chris Sununu signed <a href=\"https:\/\/gencourt.state.nh.us\/bill_status\/billinfo.aspx?id=865&amp;inflect=2\" target=\"_blank\" rel=\"noopener\">SB 255-FN (\u201cAn Act relative to the expectation of privacy\u201d)<\/a> into law on March 6, 2024.<\/p>\n<p>The Act delivers many of the privacy protections consumers have in other U.S. states that have already introduced similar data privacy laws, including rights to request access to their personal data records held by controllers and have those records corrected and\/or deleted, as well as opt-out from having their personal data sold or used for targeted advertising.<\/p>\n<p>Also known as the New Hampshire Consumer Expectation of Privacy Act (NHPA), the state\u2019s privacy law is enforceable from January 1, 2025. Controllers must honor opt-out requests by no later than January 1, 2025.<\/p>\n<h2>Key dates: New Hampshire Consumer Data Privacy Law<\/h2>\n<ul>\n<li>January 19, 2023 \u2013 <a href=\"https:\/\/legiscan.com\/NH\/text\/SB255\/id\/2871280\" target=\"_blank\" rel=\"noopener\">SB255 \u201cRelative to the expectation of privacy\u201d<\/a> is introduced in the New Hampshire Senate and referred to the Judiciary Committee.<\/li>\n<li>March 16, 2023 \u2013 <a href=\"https:\/\/gencourt.state.nh.us\/bill_status\/legacy\/bs2016\/billText.aspx?sy=2023&amp;id=455&amp;txtFormat=pdf&amp;v=current\" target=\"_blank\" rel=\"noopener\">House Bill 314-FN \u201crelative to the expectation of privacy in the collection and use of personal information\u201d<\/a> is introduced in the New Hampshire House of Representatives. It differs slightly from SB255 with broader privacy protections for the state\u2019s citizens, including a private right of action against companies.<\/li>\n<li>March 6, 2024 \u2013 New Hampshire Governor Chris Sununu signs <a href=\"https:\/\/legiscan.com\/NH\/text\/SB255\/id\/2750381\" target=\"_blank\" rel=\"noopener\">SB 255-FN, (\u201crelative to the expectation of privacy\u201d)<\/a> into law. <a href=\"https:\/\/www.governor.nh.gov\/news-and-media\/governor-chris-sununu-signs-bill-protecting-consumer-data\" target=\"_blank\" rel=\"noopener\">In a media release announcing the new law<\/a> he says: <em>\u201cNew Hampshire is living up to our motto as the \u2018Live Free or Die\u2019 state by ensuring that \u2018The Granite Staters\u2019 have control over their personal information. This law provides transparency about what information is collected, why, and confidence that in the age of AI, steps are taken to protect that data.\u201d<\/em><\/li>\n<li>January 1, 2025 \u2013 New Hampshire Consumer Expectation of Privacy Act becomes enforceable.<\/li>\n<\/ul>\n<h2>New Hampshire expectation of privacy: Consumer personal data rights<\/h2>\n<p><a href=\"https:\/\/gencourt.state.nh.us\/bill_status\/billinfo.aspx?id=865&amp;inflect=2\" target=\"_blank\" rel=\"noopener\">SB255-FN \/ the New Hampshire Act relative to the expectation of privacy<\/a> defines a consumer as <em>\u201can individual who is a resident of this state\u201d<\/em> and just like many other U.S. state data privacy laws (apart from those in <a href=\"https:\/\/trustarc.com\/resource\/california-privacy-rights-act-cpra-compliance-quick-guide\/\" target=\"_blank\" rel=\"noopener\">California<\/a>), the definition of a consumer excludes individuals <em>\u201cacting in a commercial or employment context.\u201d<\/em><\/p>\n<p>The text of the Act defines personal data as <em>\u201cany information that is linked or reasonably linkable to an identified or identifiable individual.\u201d<\/em> This definition excludes <em>\u201cde-identified data or publicly available information.\u201d<\/em><\/p>\n<p>New Hampshire residents \u2013 along with parents\/guardians on behalf of their children and conservators\/guardians of consumers subject to protective arrangements \u2013 can exercise their personal data privacy rights by contacting each controller via <em>\u201ca secure and reliable means established by the secretary of state and described to the consumer in the controller&#8217;s privacy notice.\u201d<\/em><\/p>\n<p>By January 1, 2024, controllers must also <a href=\"https:\/\/trustarc.com\/resource\/global-privacy-control-known-user-consent\/\" target=\"_blank\" rel=\"noopener\">honor verified consumers\u2019 opt-out requests signaled via browser extension or device settings such as Global Privacy Control (GPC).<\/a><\/p>\n<p>The \u2018expectation of privacy\u2019 rights for consumers in New Hampshire include:<\/p>\n<ul>\n<li><strong>Right to confirm (right to know)<\/strong> whether a controller is processing their personal data and <strong>Right to access<\/strong> their personal data about them held by a controller, \u201cunless such confirmation or access would require the controller to reveal a trade secret.\u201d<\/li>\n<li><strong>Right to correct inaccuracies<\/strong> in their personal data, \u201ctaking into account the nature of the personal data and the purposes of the processing of the consumer&#8217;s personal data.\u201d<\/li>\n<li><strong>Right to delete<\/strong> personal data provided by or about the consumer.<\/li>\n<li><strong>Right to obtain a copy (portability)<\/strong> of their personal data processed by the controller. Controllers must provide the consumer with a copy of their personal data \u201cin a portable and, to the extent technically feasible, readily usable format that allows the consumer to transmit the data to another controller without hindrance, where the processing is carried out by automated means, provided such controller shall not be required to reveal any trade secret.\u201d<\/li>\n<li><strong>Right to opt-out from the processing of their personal data for the purposes of targeted advertising, sale of personal data<\/strong> (the text also refers to controller responsibilities under NH 507-H:6, which prohibit controllers from selling personal data consumers aged 13 to 16 without the consumer\u2019s consent) or personal data used for <strong>profiling<\/strong> <em>\u201cin furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer.\u201d<br \/>\n<\/em><strong>Note:<\/strong> controllers are not required to authenticate opt-out requests, but may deny any requests they believe are fraudulent, provided they send notices to the people who made the requests.<\/li>\n<li><strong>Right to non-discrimination for exercising consumer rights<\/strong> \u2013 this right is listed in the same subsection as the opt-out right. Prohibited forms of discrimination mentioned include \u201cdenying goods or services, charging different prices or rates for goods or services or providing a different level of quality of goods or services to the consumer.\u201d<\/li>\n<\/ul>\n<p>Controllers must respond to New Hampshire consumers\u2019 personal data rights requests within 45 days.<\/p>\n<p>A controller can extend the period to process the requests by 45 more days (considering their complexity and number), but the consumer must first be told the reason for the extension within the initial 45 day period. Consumers must be informed of a decision to decline the rights request within 45 days, and be given a justification for the decision along with instructions on how to appeal.<\/p>\n<p>Consumers are allowed to make such requests free of charge once in any 12-month period; while controllers may charge \u201ca reasonable fee\u201d to cover the administrative costs or responding to consumer requests the controller can demonstrate are \u201cmanifestly unfounded, excessive or repetitive.\u201d<\/p>\n<h3>Sensitive personal data requirements<\/h3>\n<p>New Hampshire\u2019s data privacy law prevents controllers from processing a consumer\u2019s sensitive personal data unless they\u2019ve first obtained the consumer\u2019s consent (opt-in). This provision is in line with sensitive data privacy protections in other state\u2019s similar laws and includes a requirement for controllers to comply with the federal Children&#8217;s Online Privacy Protection Act (COPPA) when processing the sensitive data of a known child.<\/p>\n<p>Any personal data collected from a known child is classified as sensitive data.<\/p>\n<p>New Hampshire SB255 privacy law defines \u2018sensitive data\u2019 for adults as personal data that reveals a consumer\u2019s:<\/p>\n<ul>\n<li>Racial or ethnic origin<\/li>\n<li>Religious beliefs<\/li>\n<li>Mental or physical health condition or diagnosis<\/li>\n<li>Sex life<\/li>\n<li>Sexual orientation<\/li>\n<li>Citizenship or immigration status<\/li>\n<li>Genetic or biometric data (\u201cfor the purpose of uniquely identifying an individual\u201d); and\/or<\/li>\n<li>Precise geolocation within 1750 feet (excluding \u201cthe content of communications or any data generated by or connected to advanced utility metering infrastructure systems or equipment for use by a utility\u201d).<\/li>\n<\/ul>\n<h2>Applicability: Who must comply with New Hampshire SB255 Privacy Law?<\/h2>\n<p>The compliance requirements of New Hampshire\u2019s privacy law apply to any person who conducts business in New Hampshire or produces products or services targeted to residents of New Hampshire during a one-year period:<\/p>\n<ul>\n<li>Controlled or processed the personal data of 35,000 or more unique consumers. However, this threshold excludes \u201cpersonal data controlled or processed solely for the purpose of completing a payment transaction.\u201d<\/li>\n<\/ul>\n<p>or<\/p>\n<ul>\n<li>Controlled or processed the personal data of 10,000 or more unique consumers and derived more than 25% of their gross revenue from the sale of personal data.<\/li>\n<\/ul>\n<h3>Exempted organizations and data under New Hampshire Privacy Law<\/h3>\n<p>The New Hampshire Privacy Law includes exemptions similar to those under other state consumer privacy laws, such as organizations regulated by <a href=\"\/regulations\/hippa-privacy\/\">HIPAA<\/a> and <a href=\"\/regulations\/glba\/\">GLBA<\/a>, and personal information regulated by <a href=\"https:\/\/www.ftc.gov\/legal-library\/browse\/statutes\/fair-credit-reporting-act\" target=\"_blank\" rel=\"noopener\">FCRA<\/a>, <a href=\"https:\/\/epic.org\/dppa\/\" target=\"_blank\" rel=\"noopener\">DPPA<\/a>, and <a href=\"\/regulations\/ferpa\/\" target=\"_blank\" rel=\"noopener\">FERPA<\/a>.<\/p>\n<p>Controllers and processors that comply with the verifiable parental consent requirements of the <a href=\"\/regulations\/coppa\/\">Children\u2019s Online Privacy Protection Act (COPPA)<\/a> shall be deemed compliant with any obligation to obtain parental consent.<\/p>\n<h2>New Hampshire Privacy Law compliance requirements<\/h2>\n<p>Under New Hampshire\u2019s data privacy law, controllers must comply with the following requirements related to the collection and processing of personal data:<\/p>\n<ul>\n<li><strong>Limit the collection of personal data<\/strong> to what is adequate, relevant and reasonably necessary to the disclosed purposes for which the data is processed<\/li>\n<li><strong>Obtain the consumer\u2019s consent<\/strong> before processing their personal data for other purposes that are neither reasonably necessary to, nor compatible, with the disclosed purposes \u2013 this consent requirement also applies to the processing of personal data for sale or for the purposes of targeted advertising or profiling, and the processing of sensitive data \u2013 or in the case of a known child, the controller must process such data in compliance with COPPA<\/li>\n<li><strong>Not process personal data in violation of state and federal laws<\/strong> prohibiting unlawful discrimination against consumers<\/li>\n<li><strong>Support consumers\u2019 right to revoke consent<\/strong> to selected data collection and processing activities by providing an effective mechanism that is at least as easy to use as the mechanism by which the consumer provided their consent \u2013 and when a consumer exercises this right, stop processing the data as soon as practicable and at least within 15 days of consent being revoked<\/li>\n<li><strong>Publish a privacy notice<\/strong> (see below) and<\/li>\n<li><strong>Disclose<\/strong> whether the controller <strong>sells personal data to third parties or processes personal data for targeted advertising<\/strong> and if so, provide a clear and conspicuous link on the controller\u2019s website to a page that enables a consumer or an agent acting on their behalf to opt-out of the target advertising of sale of the consumer\u2019s personal data.<br \/>\n<strong>Note:<\/strong> universal opt-out signals (e.g., <a href=\"\/resource\/global-privacy-control\/\">Global Privacy Control<\/a>) must be honored by January 1, 2025.<\/li>\n<\/ul>\n<p>Controllers must also comply with the following <strong>data protection<\/strong> requirements:<\/p>\n<ul>\n<li>Establish, implement and maintain reasonable data security practices to protect the confidentiality, integrity and accessibility of personal data appropriate to the volume and nature of the personal data at issue<br \/>\nand<\/li>\n<li>Conduct and document a data protection assessment for each processing activity that presents a heightened risk of harm to the consumer including:<br \/>\n\u2013 processing of sensitive data<br \/>\n\u2013 sale of personal data<br \/>\n\u2013 processing of personal data for the purposes of targeted advertising or profiling.<\/li>\n<\/ul>\n<h3>Privacy notice requirements in New Hampshire<\/h3>\n<p>Controllers must provide consumers with a privacy notice that is reasonably accessible, clear and meaningful, which meets the \u201cstandards established by the secretary of state\u201d) and includes:<\/p>\n<ul>\n<li>Categories of personal data processed by the controller<\/li>\n<li>Purpose for processing personal data<\/li>\n<li>How consumers may exercise their consumer rights, including how a consumer may appeal a controller&#8217;s decision about a consumer rights request;<\/li>\n<li>Categories of personal data shared by the controller with third parties (if any)<\/li>\n<li>Categories of third parties (if any) with which the controller shares personal data and<\/li>\n<li>An active email address or other online mechanism the consumer may use to contact the controller.<\/li>\n<\/ul>\n<h3>New Hampshire Privacy Act processor responsibilities<\/h3>\n<p>Processors must adhere to the instructions of a controller and assist the controller in meeting the controller\u2019s obligations, taking into consideration the nature of processing and the information available to the processor to:<\/p>\n<ul>\n<li>Fulfill the controller\u2019s obligations to respond to consumer rights requests<\/li>\n<li>Ensure security of processing personal data<\/li>\n<li>Notify a breach of security or breach of the processor\u2019s system\/s and<\/li>\n<li>Provide information needed by the controller to conduct and document data protection assessments.<\/li>\n<\/ul>\n<p>A controller and a processor must enter a binding contract governing the processor\u2019s data processing procedures performed on behalf of the controller that clearly details instructions for:<\/p>\n<ul>\n<li>Processing data and the nature and purpose of processing<\/li>\n<li>Type of data subject to processing<\/li>\n<li>Duration of processing and<\/li>\n<li>Rights and obligations of both parties.<\/li>\n<\/ul>\n<p>The contract must also require the processor to:<\/p>\n<ul>\n<li>Ensure each person processing personal data is subject to a duty of confidentiality with respect to the data<\/li>\n<li>When directed, delete or return all personal data to the controller at the end of the provision of services \u2013 unless retention of personal data is required by law<\/li>\n<li>When reasonably requested, make available to the controller all information necessary to demonstrate the processor\u2019s compliance with New Hampshire\u2019s data privacy law<\/li>\n<li>After providing the controller an opportunity to object, engage any subcontractor under a written contract requiring the subcontractor to meet the processor\u2019s obligations with respect to personal data and<\/li>\n<li>Allow and cooperate with reasonable compliance assessments, and provide a report of such assessment to the controller on request. These assessments can be conducted by the controller, an assessor designated by the controller or a qualified and independent assessor arranged by the processor, and must use an appropriate and accepted control standard or framework and assessment procedure.<\/li>\n<\/ul>\n<h2>New Hampshire Privacy Act notice and enforcement<\/h2>\n<p>In New Hampshire the state\u2019s Attorney General has exclusive authority to enforce violations of the Act. Consumers do not have a private right of action.<\/p>\n<p>For the first year the Act is in force \u2013 from January 1 to December 31, 2025 \u2013 before the Attorney General initiates any action for violation of the Act, the AG shall:<\/p>\n<ul>\n<li>Issue a notice of a violation to a controller if the AG determines that a cure is possible<\/li>\n<li>Give the controller up to 60 days to cure the violation and<\/li>\n<li>Bring an enforcement action if the controller fails to cure the violation.<\/li>\n<\/ul>\n<p>From January 1, 2026, the New Hampshire Attorney General may consider whether to grant a controller or processor the opportunity to cure an alleged violation of the Act based on several factors, including:<\/p>\n<ul>\n<li>Number of violations<\/li>\n<li>Size and complexity of the controller or processor<\/li>\n<li>Nature and extent of the controller&#8217;s or processor&#8217;s processing activities<\/li>\n<li>Substantial likelihood of injury to the public<\/li>\n<li>Safety of persons or property and<\/li>\n<li>Whether the alleged violation was likely caused by human or technical error.<\/li>\n<\/ul>\n<p>Penalties are not specified in the text of the New Hampshire Consumer Expectation of Privacy Act, although it does state that a violation<em> \u201cshall constitute an unfair method of competition or any unfair or deceptive act or practice in the conduct of any trade or commerce within this state under RSA 358-A:2.\u201d<\/em> (<a href=\"https:\/\/gencourt.state.nh.us\/rsa\/html\/xxxi\/358-a\/358-a-2.htm\" target=\"_blank\" rel=\"noopener\">New Hampshire Regulation of Business Practices for Consumer Protection<\/a>.)<\/p>\n\t\t\t\t\t\t\t\t\t<div class=\"question-box-multiple\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Check_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Cookie Consent Manager<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Manage essential processes to achieve cookie compliance with state and international privacy laws.<\/p>\n<a href=\"\/products\/consent-consumer-rights\/cookie-consent-manager\/\" class=\"cta\">Learn more<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Online-Privacy_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Nymity Research<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Stay up to date on hundreds of global privacy laws, regulations, and standards.<\/p>\n<a href=\"\/free-trial\/nymity-research\/\" class=\"cta\">Start today<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"right sm\">\n\t\t\t\t<div class=\"share-it\">\n\t\t\t\t\t<strong class=\"title block uppercase\">Follow us<\/strong>\n\t\t\t\t\t<div class=\"soc-list\">\n\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/company\/trustarc\/\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/li-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"\nhttps:\/\/twitter.com\/TrustArc\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/tw-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"javascript:;\" id=\"copy-url\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/link-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<span class=\"copied\" style=\"display:none;\">Link Copied!<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"key-topics\">\n\t\t\t\t\t\t<strong class=\"title block uppercase\">Key Topics<\/strong>\n\t\t\t\t\t\t<ul>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/us-consumer-privacy-laws\/\" class=\"badge\">US Consumer Privacy Laws<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"cta-area\">\n\t\t\t\t\t<p>Get the latest resources sent to your inbox<\/p>\n\t\t\t\t\t<a href=\"\/subscription-center\/\" class=\"cta\">Subscribe<\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t","protected":false},"excerpt":{"rendered":"<p>New Hampshire Consumer Expectation of Privacy Act requires businesses to protect consumer personal data privacy.<\/p>\n","protected":false},"featured_media":1692,"template":"","topic-resource":[114],"type-resource":[6],"class_list":["post-4968","resource","type-resource","status-publish","has-post-thumbnail","hentry","topic-resource-us-consumer-privacy-laws","type-resource-articles"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>New Hampshire Consumer Expectation of Privacy Act | TrustArc<\/title>\n<meta name=\"description\" content=\"TrustArc privacy experts explain the consumer privacy protections in the New Hampshire Consumer Expectation of Privacy Act and compliance requirements for businesses.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/new-hampshire-consumer-expectation-of-privacy-act\\\/\",\"url\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/new-hampshire-consumer-expectation-of-privacy-act\\\/\",\"name\":\"New Hampshire Consumer Expectation of Privacy Act | TrustArc\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/new-hampshire-consumer-expectation-of-privacy-act\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/new-hampshire-consumer-expectation-of-privacy-act\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/res-feat-rect-blue.png\",\"datePublished\":\"2024-03-14T17:23:00+00:00\",\"dateModified\":\"2025-03-05T16:48:33+00:00\",\"description\":\"TrustArc privacy experts explain the consumer privacy protections in the New Hampshire Consumer Expectation of Privacy Act and compliance requirements for businesses.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/trustarc.com\\\/resource\\\/new-hampshire-consumer-expectation-of-privacy-act\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/new-hampshire-consumer-expectation-of-privacy-act\\\/#primaryimage\",\"url\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/res-feat-rect-blue.png\",\"contentUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/res-feat-rect-blue.png\",\"width\":610,\"height\":152},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\",\"url\":\"https:\\\/\\\/trustarc.com\\\/\",\"name\":\"TrustArc\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/trustarc.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"New Hampshire Consumer Expectation of Privacy Act | TrustArc","description":"TrustArc privacy experts explain the consumer privacy protections in the New Hampshire Consumer Expectation of Privacy Act and compliance requirements for businesses.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/","url":"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/","name":"New Hampshire Consumer Expectation of Privacy Act | TrustArc","isPartOf":{"@id":"https:\/\/trustarc.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/#primaryimage"},"image":{"@id":"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/#primaryimage"},"thumbnailUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-blue.png","datePublished":"2024-03-14T17:23:00+00:00","dateModified":"2025-03-05T16:48:33+00:00","description":"TrustArc privacy experts explain the consumer privacy protections in the New Hampshire Consumer Expectation of Privacy Act and compliance requirements for businesses.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trustarc.com\/resource\/new-hampshire-consumer-expectation-of-privacy-act\/#primaryimage","url":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-blue.png","contentUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-blue.png","width":610,"height":152},{"@type":"WebSite","@id":"https:\/\/trustarc.com\/#website","url":"https:\/\/trustarc.com\/","name":"TrustArc","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustarc.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource\/4968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/types\/resource"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media\/1692"}],"wp:attachment":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media?parent=4968"}],"wp:term":[{"taxonomy":"topic-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/topic-resource?post=4968"},{"taxonomy":"type-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/type-resource?post=4968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}