Data Privacy Legislation is Coming to the Northeast Region

Following the California Consumer Privacy Act (CCPA), many states have started to evaluate their data privacy laws in an effort to follow suit with similar legislation. Data privacy has become increasingly important as website owners gather, process, and sell more data each year.  

The Northeast is one of the latest regions in the U.S. to begin adopting more comprehensive bills for data privacy and security online. Here’s a highlight of some of the Northeast’s upcoming bills, and how they relate to the CCPA.  

New Hampshire Data Privacy

The basics 

Bill name: HB 1680-FN 

Status: In House Committee 

New Hampshire’s HB 1680-FN pulls a lot directly from the CCPA. However, it takes some liberties with how it chooses to interpret various phrases and sections of CCPA. The NH bill also doesn’t include the amendments that CCPA does, which could change before it goes into effect in 2021. 

One major difference is how the NH bill defines Personal Information. CCPA defines Personal Information as that information which is not publicly available. Personal Information under the NH bill clarifies that information is not publicly available if the data will be used for a purpose other than the purpose for which the data is collected and processed by the website owner or made available in government records. 

Another major deflection from CCPA is the lack of a provision allowing the state’s bill to supersede any other local regulations. This could lead to more restrictive ordinances by individual cities or counties. 

In the case of a data breach, HB-16080-FN expands the definition of what constitutes a data breach beyond the CCPA’s “nonencrypted and nonredacted” to include “nonencrypted or nonredacted”. Where CCPA has definitive boundaries for the size of businesses that will need to adhere, it is unclear whether this bill will impose restrictions on which companies are expected to follow the laws outlined in the bill. 

New York Data Privacy

The basics 

Bill name: New York Privacy Act / S5642 

Status: In Senate Committee 

Another major bill is working its way through the senate, with hopes to be the most comprehensive privacy bill in the country. The New York Privacy Act intends to draw from CCPA to further tighten regulations on data collected by businesses. Most importantly, the bill aims to put consumer privacy above business profits.  

Similar to CCPA, consumers would be able to find out what kinds of data companies collect on them, who these companies are sharing the data with, request deletion or correction, and even bar companies from sharing data with third party companies at all. 

The New York bill goes even further than data privacy legislation in the CCPA to allow citizens to sue companies directly, completely separate from the action that the state’s attorney general has to take in California. Additionally, the New York bill would apply to companies of any size.  

CookiePro Tracking Privacy  

CookiePro by OneTrust is guided by an external advisory board of renowned privacy experts and an in-house global privacy and legal research team. We will continue to monitor additional data privacy legislation, so please check back for updates and developments.