Security Breach Regulations in the State of New Hampshire

February 18, 2022 | 4 minutes read
Security Breach Regulations in the State of New Hampshire

N.H. Rev. Stat. §§ 359-C:19 is a data breach notification and privacy law that was passed in the U.S. state of New Hampshire in 2007. N.H. Rev. Stat. §§ 359-C:19 sets forth the regulations that business entities within New Hampshire must follow when a security breach occurs, including providing notification of the said breach to all affected parties, as well as the New Hampshire attorney general and the three major credit reporting agencies within the U.S., under certain circumstances. What’s more, the law also empowers the aforementioned New Hampshire attorney general to impose penalties against business entities within the state that fail to adhere to the provisions established in the law.

What is the scope and application of N.H. Rev. Stat. §§ 359-C:19?

In terms of the scope and application of N.H. Rev. Stat. §§ 359-C:19, the provisions of the law are applicable to any “individual, corporation, trust, partnership, incorporated or unincorporated association, limited liability company, or other form of entity, or any agency, authority, board, court, department, division, commission, institution, bureau, or other state governmental entity, or any political subdivision of the state (collectively, Entity) doing business in NH that owns or licenses computerized data that includes PI. Conversely, the “good-faith acquisition of PI by an employee or agent of an Entity for the purposes of the Entity’s business shall not be considered a security breach, provided that the PI is not used or subject to further unauthorized disclosure.”

What are the data breach requirements under N.H. Rev. Stat. §§ 359-C:19?

As is the case with many other security breach notification laws at the U.S. state level, business entities that experience such an event are required to provide notification to all affected parties. With this being said, data breach notifications under N.H. Rev. Stat. §§ 359-C:19 must provide residents of the state with the following information:

What personal information is protected under N.H. Rev. Stat. §§ 359-C:19?

Under the provisions of N.H. Rev. Stat. §§ 359-C:19, the following forms of personal information are legally protected in the event that a security breach occurs, in combination with a New Hampshire resident’s first name or initial and last name, in instances where the data elements in question have not been encrypted:

What are the penalties for violating N.H. Rev. Stat. §§ 359-C:19?

In terms of the enforcement of N.H. Rev. Stat. §§ 359-C:19, the provisions laid out in the law are enforced by the New Hampshire attorney general, who has the authority to impose numerous penalties against businesses that fail to comply with the law. Furthermore, in contrast to many other security breach notification laws around the country, N.H. Rev. Stat. §§ 359-C:19 provides residents of the state of New Hampshire with the private right of action to bring forth civil charges against businesses that violate their rights under the law. As such, business entities that lose such cases are subject to the following legal actions:

In addition to N.H. Rev. Stat. §§ 359-C:19, the state of New Hampshire also enacted two more data security laws 2019, HB 1700 (LSR 2410) and SB 303 (LSR 2766), which pertain to the placement of a security freeze on an individual’s credit report. As talks of a comprehensive data privacy law at the federal level continue to stall, the approach that states such as New Hampshire have taken will surely become more prevalent. Consequently, residents within the state effectively have three state laws governing security breaches, as well as the right to bring charges against business entities within the state that fail to comply with all relevant legislation and regulations.

Related Reads

Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Arizona’s Proposed New Law on Public Records Requests
March 13, 2023 | 7 minutes read
Arizona’s Proposed New Law on Public Records Requests

A Bit of History The date February 14th might stand out to most of us, and if you haven’t figured out why, it’s because it is the anniversary of Arizona’s Statehood. Over 100 years ago, Arizona became the 48th state to be admitted into the United States. Since governance is as old as human history, […]

Learn More »
How to Redact Documents Properly
March 06, 2023 | 9 minutes read
How to Redact Documents Properly

To begin, it’s important to understand that not every document needing redaction will automatically be text-searchable ready. So first, you need to OCR your document.

Learn More »