Go to:

New Hampshire State Privacy Protection Rights

New Hampshire statewide privacy links:

Sponsored

Introduction to New Hampshire Privacy Rights

New Hampshire has long operated under the motto "Live Free or Die," and this fierce independence extends to the state's approach to privacy protection. The Granite State maintains a distinctive privacy landscape that balances public transparency with individual privacy rights, creating a framework that differs meaningfully from many other states.

New Hampshire's privacy protections are grounded in both constitutional provisions and statutory law. Article 2-b of the New Hampshire Constitution explicitly guarantees the right to privacy, stating that "An individual's right to live free from governmental intrusion in private or personal information is natural, essential, and inherent." This constitutional foundation provides New Hampshire residents with stronger baseline privacy protections than many other states where privacy rights are derived solely from statutory law or judicial interpretation.

The state has enacted specific privacy statutes addressing data breaches, consumer reporting, employment records, and health information. New Hampshire Revised Statutes Annotated (RSA) contains numerous chapters dedicated to privacy protections across different contexts, from RSA 359-C governing identity theft protection to RSA 275:56 protecting employee personnel files. Compared to states like California with its comprehensive California Consumer Privacy Act, New Hampshire takes a more sector-specific approach, addressing privacy concerns through targeted legislation rather than omnibus privacy laws.

New Hampshire's approach to balancing public records access with privacy protection reflects its unique political culture. The state maintains robust Right-to-Know laws ensuring government transparency while carving out specific exemptions for personal information. This creates a framework where government accountability coexists with individual privacy rights, though navigating these sometimes competing interests requires understanding both the public records laws and privacy protections that apply to your specific situation.

New Hampshire's State Privacy Laws

New Hampshire has developed a comprehensive framework of privacy laws addressing multiple sectors, though residents should understand that the state has not enacted a comprehensive consumer privacy law comparable to California's CCPA or Virginia's CDPA. Instead, New Hampshire's privacy protections are distributed across various statutes addressing specific contexts and industries.

Data Breach Notification Law (RSA 359-C:19 through 359-C:21)

New Hampshire's data breach notification law, codified in RSA 359-C:19 through RSA 359-C:21, establishes specific requirements for businesses and government agencies that experience security breaches involving personal information. Under this statute, "personal information" includes a New Hampshire resident's first name or initial and last name combined with any of the following: Social Security number, driver's license number, or account/credit/debit card number with security code or access code.

When a breach occurs, entities must notify affected New Hampshire residents "as soon as possible" and without unreasonable delay. While the statute doesn't specify an exact number of days, it requires notification consistent with the legitimate needs of law enforcement and measures necessary to determine the scope of the breach. If a breach affects more than 1,000 individuals, the entity must also notify the Attorney General's office and major consumer reporting agencies. The law permits notification via written notice, electronic notice if consistent with E-SIGN Act provisions, or substitute notice if costs exceed $5,000 or the affected class exceeds 100,000 persons.

Consumer Protection and Financial Privacy

RSA 359-B governs regulation of consumer credit reporting agencies operating in New Hampshire. This statute requires credit reporting agencies to maintain reasonable procedures to ensure maximum possible accuracy and to provide consumers with mechanisms to dispute inaccurate information. New Hampshire residents have the right to request and receive one free credit report annually from each major credit reporting agency, a right established federally but enforced through state consumer protection mechanisms.

Financial institutions operating in New Hampshire must comply with the federal Gramm-Leach-Bliley Act, which requires financial privacy notices and opt-out provisions for information sharing. While New Hampshire hasn't enacted state-specific financial privacy laws beyond federal requirements, the Attorney General's Consumer Protection Bureau actively enforces financial privacy violations under the state's consumer protection act, RSA 358-A.

Employee Privacy Rights

RSA 275:56 provides significant protections for employee personnel files. This statute grants employees the right to review their personnel files at reasonable times and requires employers to permit employees to make copies of documents they have signed. Employers must maintain personnel files separate from medical records, and employees have the right to insert written rebuttals to adverse material in their files.

New Hampshire also protects employees from certain invasive monitoring practices. RSA 275:37 addresses employer surveillance, though it primarily focuses on disclosure requirements rather than outright prohibitions. Employers must inform employees of electronic monitoring of telephone calls, and unauthorized interception of communications may violate both state and federal wiretapping laws.

Identity Theft Protection

RSA 359-C:10 through RSA 359-C:13 establish New Hampshire's identity fraud statutes, creating criminal penalties for identity theft and providing victims with civil remedies. These provisions work in conjunction with the data breach notification requirements to create a framework addressing both prevention and response to identity-related privacy violations.

New Hampshire law also restricts the use of Social Security numbers by businesses and government agencies. RSA 359-C:5 prohibits printing Social Security numbers on cards required for access to products or services, mailing documents with visible Social Security numbers, and requiring transmission of Social Security numbers over the internet unless the connection is secure or the number is encrypted.

Genetic Privacy

RSA 141-H addresses genetic testing privacy, prohibiting employers and insurance companies from discriminating based on genetic information. This statute predates and complements federal GINA (Genetic Information Nondiscrimination Act) protections, providing New Hampshire residents with layered protections against genetic privacy violations.

Freedom of Information and Open Records in New Hampshire

New Hampshire's public records law, known as the Right-to-Know Law, is codified in RSA Chapter 91-A. This statute establishes that government records are public unless specifically exempted, creating a presumption of openness that places the burden on government agencies to justify withholding information.

What the Right-to-Know Law Covers

RSA 91-A:4 defines "governmental records" broadly to include any information created, accepted, or obtained by any public body or agency in furtherance of its official function. This encompasses documents, files, emails, recordings, and other materials regardless of physical form. The law applies to state agencies, municipalities, counties, school districts, and other governmental bodies.

Under RSA 91-A:4, IV, government agencies must respond to records requests within five business days. This response doesn't require providing the actual records within five days, but the agency must acknowledge the request and either provide the records, deny the request with specific legal justification, or provide a good-faith estimate of when the records will be available if they cannot be provided immediately.

Privacy-Related Exemptions

RSA 91-A:5 establishes specific exemptions protecting individual privacy. These include personnel, medical, and welfare files whose disclosure would constitute invasion of privacy; records of emergency or security systems; and confidential commercial or financial information. The exemptions most relevant to personal privacy include:

How to Request Records

To request records under New Hampshire's Right-to-Know Law, you must submit a request to the appropriate government agency. While the statute doesn't require written requests, submitting your request in writing creates a clear record. Your request should reasonably describe the records you seek with sufficient specificity to enable the agency to locate them.

New Hampshire doesn't mandate a specific request form, but your request should include your name, contact information, and a clear description of the records sought. You may request records in specific formats, though agencies must only provide records in formats in which they maintain them.

Fee Schedules

Under RSA 91-A:4, VIII, agencies may charge actual costs for copying records. Standard photocopies typically cost $0.50 per page, though agencies must charge actual costs, which may be less. For electronic records, agencies may charge for the actual cost of providing the data in the requested format. Agencies cannot charge for time spent reviewing records to determine whether exemptions apply, only for actual copying and retrieval costs.

Appeals Process

If an agency denies your request, RSA 91-A:7 establishes the appeals process. You may petition the Superior Court for injunctive relief within 60 days of the denial. The court will conduct a de novo review, examining the records in camera if necessary. If you prevail, the court shall award reasonable attorney fees and costs. This fee-shifting provision encourages enforcement of the Right-to-Know Law and deters agencies from improper denials.

HIPAA and Health Privacy in New Hampshire

Health privacy in New Hampshire operates under a dual framework combining federal HIPAA requirements with state-specific protections that sometimes exceed federal standards.

The federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule applies to covered entities throughout New Hampshire, including healthcare providers, health plans, and healthcare clearinghouses. HIPAA establishes baseline protections for protected health information (PHI), requiring authorization for most disclosures and granting individuals rights to access their medical records, request amendments, and receive accounting of disclosures.

New Hampshire supplements HIPAA protections through several state statutes. RSA 151:13 addresses patient rights in healthcare facilities, establishing that patients have the right to confidential treatment of personal and medical records. This statute applies to hospitals, nursing homes, and other healthcare facilities licensed in New Hampshire.

Mental health records receive additional protections under RSA 330-A:19, which restricts disclosure of mental health treatment records beyond HIPAA requirements. These records cannot be disclosed without patient consent except in limited circumstances involving imminent danger or court orders. This creates a higher threshold for mental health record disclosure than HIPAA requires for general medical records.

HIV/AIDS-related information receives special protection under RSA 141-F:7, which prohibits disclosure of HIV test results without written consent except to the tested individual, healthcare providers directly involved in care, or as otherwise specifically authorized by statute. Violations can result in civil penalties and damages.

To protect your medical records in New Hampshire, you should understand your rights under both HIPAA and state law. You can request an accounting of disclosures from healthcare providers, ask for restrictions on how your information is used (though providers aren't required to agree to all restrictions), and file complaints with both the federal Office for Civil Rights and the New Hampshire Department of Health and Human Services if you believe your health privacy rights have been violated.

Consumer Data Privacy Rights in New Hampshire

New Hampshire residents' consumer data privacy rights derive from a combination of federal laws, state consumer protection statutes, and common law privacy protections, though the state has not enacted comprehensive consumer data privacy legislation like several other states.

Current Consumer Privacy Framework

Unlike California, Virginia, Colorado, and Connecticut, New Hampshire has not passed a comprehensive consumer privacy law establishing rights to access, delete, or opt out of sale of personal information. New Hampshire residents must rely on federal laws like the Fair Credit Reporting Act (FCRA) and state consumer protection provisions in RSA 358-A for data privacy protections.

However, New Hampshire's constitutional right to privacy and consumer protection act provide enforcement mechanisms when businesses misuse personal information. The Attorney General's Consumer Protection Bureau has authority to investigate and prosecute unfair or deceptive practices involving consumer data under RSA 358-A:2.

Credit Reporting Rights Under FCRA

New Hampshire residents have specific rights under the Fair Credit Reporting Act, enforced at the state level through RSA 359-B. These include the right to:

Security Freeze Rights

Under RSA 359-B:19 through RSA 359-B:26, New Hampshire residents have the right to place security freezes on their credit reports. Consumer reporting agencies must place freezes within five business days of receiving requests and must lift freezes within three business days (or within 15 minutes if requested online or by phone with proper PIN). As of September 21, 2018, credit freezes are free for all consumers under federal law.

Data Broker Opt-Out Rights

New Hampshire doesn't have a data broker registry like Vermont, but residents can still remove their information from people-search websites and data brokers. Major data brokers like Acxiom, Epsilon, and LexisNexis maintain opt-out mechanisms, though each operates differently. People-search sites like Whitepages, Spokeo, BeenVerified, and Intelius each have individual opt-out processes requiring manual submission.

The process typically involves visiting each site's opt-out or privacy page, locating your listing, and following the specific removal procedure. Some sites require email verification, while others process removals immediately. Because data brokers continuously aggregate information from public records and other sources, opt-outs may need to be renewed periodically.

Telemarketing and Communications Privacy

New Hampshire residents can register phone numbers on the National Do Not Call Registry to reduce telemarketing calls. RSA 359-E:4 prohibits businesses from calling numbers on the registry, with violations subject to penalties under the state consumer protection act. The state also recognizes federal CAN-SPAM Act protections against unwanted commercial emails.

Employment Background Checks and Privacy in New Hampshire

New Hampshire regulates employment background checks through a combination of state statutes and adherence to federal Fair Credit Reporting Act requirements, creating specific protections for job applicants and employees.

Background Check Requirements and Restrictions

When employers use third-party consumer reporting agencies to obtain background checks, they must comply with the federal FCRA. This requires employers to obtain written authorization from applicants before procuring reports and provide adverse action notices if they decide not to hire based on report contents.

New Hampshire doesn't have a comprehensive "ban-the-box" law prohibiting criminal history inquiries on initial employment applications for private employers, though such restrictions apply to certain public employment. However, RSA 275:56-a restricts how employers may use criminal records in employment decisions. Employers cannot automatically disqualify applicants based on arrests that didn't lead to convictions unless the charges are pending.

Criminal Record Access and Duration

New Hampshire criminal records are maintained by the New Hampshire Department of Safety, Division of State Police, and are generally accessible to employers conducting background checks. Convictions remain on criminal records indefinitely unless annulled through the legal process.

However, RSA 651:5 establishes an annulment process for certain criminal records. Individuals may petition for annulment of criminal records after specific waiting periods: misdemeanors after three years from completion of sentence, and felonies after ten years. Violent crimes and sexual offenses have different requirements. Annulment doesn't erase the record but restricts public access, and annulled records generally shouldn't appear on most background checks.

Driving Record Privacy

The New Hampshire Division of Motor Vehicles maintains driving records governed by the federal Driver's Privacy Protection Act (DPPA). Employers can access driving records for employment purposes only when driving is relevant to the position. Under RSA 260:14, drivers can request their own driving records and should review them periodically for accuracy.

Disputing Inaccurate Background Check Information

If a background check contains inaccurate information, New Hampshire residents have specific dispute rights. For reports from consumer reporting agencies, the FCRA requires agencies to investigate disputes within 30 days and correct or remove inaccurate information. You should submit disputes in writing with supporting documentation.

For inaccurate criminal records maintained by the state, contact the New Hampshire Department of Safety, Division of State Police, Records and Identification Bureau. You may need to provide fingerprints and court documentation proving the error. For court record errors, contact the specific court that handled the case to request corrections.

Protecting Yourself in New Hampshire: Practical Steps

New Hampshire residents can take concrete steps to protect their privacy and control personal information accessibility.

Step 1: Freeze Your Credit Reports

Contact all three major credit bureaus to place security freezes:

Credit freezes are free under federal law. You'll receive PINs to lift freezes when needed. Also freeze reports with Innovis (innovis.com) and the National Consumer Telecom & Utilities Exchange (nctue.com) for comprehensive protection.

Step 2: Opt Out of People-Search Websites

Systematically remove your information from major people-search sites. This time-consuming process requires visiting each site individually:

Document each opt-out request and check back periodically, as information may reappear when sites refresh their databases from public records.

Step 3: Request Record Sealing or Annulment

If you have criminal records eligible for annulment under RSA 651:5, file a petition with the court that handled your case. The process involves:

Consider consulting an attorney familiar with New Hampshire annulment procedures, as successful petitions require demonstrating rehabilitation and that annulment serves the interests of justice.

Step 4: Register for Privacy Protections

Take advantage of available registry-based protections:

Step 5: Monitor and Review Your Records

Regularly review records that contain your personal information:

Step 6: Contact New Hampshire Privacy Resources

For privacy violations or concerns, contact:

New Hampshire Data Breach Notification Requirements

New Hampshire's data breach notification law, RSA 359-C:20, establishes specific requirements that organizations must follow when personal information is compromised.

Who Must Notify

Any person or business that owns or licenses computerized data containing personal information about New Hampshire residents must provide notice when a security breach occurs. This applies regardless of whether the business is located in New Hampshire—the trigger is whether the compromised data involves New Hampshire residents.

Third-party data processors that maintain data on behalf of other businesses must notify the data owner immediately upon discovering a breach, and the data owner then bears responsibility for notifying affected individuals.

What Triggers Notification

Under RSA 359-C:19, a breach triggering notification requirements occurs when unauthorized acquisition of computerized data compromises the security, confidentiality, or integrity of personal information. Personal information is defined as a New Hampshire resident's first name or initial and last name combined with:

Notification Timeframe

RSA 359-C:20 requires notification "as soon as possible" and without unreasonable delay. The statute doesn't specify an exact number of days but allows for delays necessary for law enforcement investigation or to determine the scope of the breach and restore system integrity. Unlike some states with specific 30, 45, or 60-day requirements, New Hampshire's standard is fact-specific, though "as soon as possible" has been interpreted to mean within days or weeks rather than months.

Attorney General Notification

When a breach affects more than 1,000 New Hampshire residents, the entity must notify the New Hampshire Attorney General's office in addition to affected individuals. This notification should be sent to the Consumer Protection Bureau.

Content of Notification

While the statute doesn't specify required content, notifications should include:

Penalties for Violations

Violations of New Hampshire's data breach notification law constitute unfair or deceptive trade practices under RSA 358-A. The Attorney General can bring enforcement actions seeking injunctive relief and civil penalties. While the statute doesn't create a private right of action specifically for notification violations, affected individuals may have claims under the consumer protection act or common law negligence if they suffer damages from inadequate breach response.

Children's Privacy in New Hampshire

Children's privacy in New Hampshire is protected through federal laws and state-specific provisions addressing education records and online privacy.

COPPA Compliance

The federal Children's Online Privacy Protection Act (COPPA) applies to websites and online services directed to children under 13 or that have actual knowledge they're collecting information from children under 13. While COPPA is federal law, the Federal Trade Commission enforces it nationwide, including in New Hampshire. COPPA requires verifiable parental consent before collecting personal information from children, limits what information can be collected, and requires data security measures.

New Hampshire doesn't have a state-level equivalent to COPPA, but the Attorney General's Consumer Protection Bureau can pursue enforcement actions against businesses violating COPPA under the state's consumer protection act, RSA 358-A.

School Records and FERPA

The federal Family Educational Rights and Privacy Act (FERPA) protects student education records in New Hampshire schools receiving federal funding, which includes virtually all public schools and most private schools. FERPA grants parents rights to access their children's education records, request corrections, and control disclosure of personally identifiable information.

New Hampshire supplements FERPA through RSA 189:65 through RSA 189:68-a, which establishes state-level student privacy protections. These provisions restrict disclosure of student records and establish procedures for parents to access and challenge records. RSA 189:68-a specifically addresses the confidentiality of student records and creates penalties for unauthorized disclosure.

Parents of students under 18 (or students 18 and older) have the right to inspect education records within 10 days of request under New Hampshire law. Schools must obtain parental consent before releasing personally identifiable information except in specific circumstances such as transfers to other schools or compliance with court orders.

Social Media Privacy for Minors

While New Hampshire hasn't enacted comprehensive social media privacy laws for minors like some states, RSA 275:71 prohibits employers from requesting access to employees' personal social media accounts, which extends protection to minor employees. Educational institutions in New Hampshire generally cannot require students to provide access to personal social media accounts, though specific statutory protection is limited.

Frequently Asked Questions About Privacy Rights in New Hampshire

Does New Hampshire have a comprehensive consumer privacy law like California's CCPA?

No, New Hampshire has not enacted comprehensive consumer privacy legislation comparable to the California Consumer Privacy Act (CCPA) or similar laws in Virginia, Colorado, or Connecticut. New Hampshire residents' consumer privacy rights derive from federal laws, sector-specific state statutes, and the state consumer protection act (RSA 358-A). While there have been legislative proposals for comprehensive privacy legislation, none have been enacted as of 2024. New Hampshire residents must rely on targeted privacy protections for specific contexts like data breaches (RSA 359-C), credit reporting (RSA 359-B), and health information rather than broad rights to access, delete, or opt out of sale of personal information.

How do I get my arrest record annulled in New Hampshire?

To annul a criminal record in New Hampshire under RSA 651:5, you must meet eligibility requirements including specific waiting periods: three years from completion of sentence for misdemeanors, ten years for felonies, and longer for violent crimes. The process involves obtaining a certified criminal record from the State Police Records Bureau (603-223-3859), filing a petition for annulment with the court that handled your case, and attending a hearing where you must demonstrate rehabilitation and that annulment serves the interests of justice. The court considers factors including the nature of the offense, your subsequent conduct, and public safety. Successful annulment doesn't erase the record but restricts public access, preventing it from appearing on most background checks. Consider consulting an attorney, as the process requires navigating court procedures and presenting persuasive evidence of rehabilitation.

Can employers in New Hampshire ask about criminal history on job applications?

Yes, private employers in New Hampshire can generally ask about criminal history on job applications, as the state doesn't have a comprehensive "ban-the-box" law restricting when employers can inquire about criminal records. However, RSA 275:56-a prohibits employers from automatically disqualifying applicants based solely on arrests that didn't result in convictions (unless charges are pending). Employers must consider the relationship between criminal history and the job, and federal Equal Employment Opportunity Commission guidance requires individualized assessment. Some New Hampshire municipalities may have local ban-the-box ordinances affecting public employment. If you have an annulled record under RSA 651:5, you generally don't have to disclose it to private employers, though certain licensed professions may have different requirements.

What should I do if I receive a data breach notification letter?

Upon receiving a data breach notification, take immediate protective steps. First, determine what information was compromised—Social Security numbers, financial account numbers, or driver's license numbers require different responses. If Social Security numbers were exposed, place fraud alerts or security freezes on your credit reports with all three bureaus (Equifax, Experian, TransUnion). Monitor your credit reports closely for unauthorized accounts or inquiries—you're entitled to free reports from AnnualCreditReport.com. If financial accounts were compromised, contact your bank or credit card company to close affected accounts and dispute unauthorized charges. Consider enrolling in credit monitoring services if offered by the breached entity. File a report with the New Hampshire Attorney General's Consumer Protection Bureau (603-271-3641) and document all correspondence. If you become an identity theft victim, file a report with local police and create an identity theft report through IdentityTheft.gov for recovery assistance.

How do I request my personal information from a New Hampshire government agency?

To request your personal information from a New Hampshire government agency under RSA 91-A, submit a written request to the agency's records custodian describing the specific records you seek. While the Right-to-Know Law doesn't require written requests, writing creates documentation. Include your name, contact information, and reasonably specific description of records (e.g., "my personnel file from [department]" or "all emails sent by me to [agency] between [dates]"). The agency must respond within five business days either providing records, denying the request with legal justification, or estimating when records will be available. For your own records, agencies typically waive or reduce fees. If the agency denies your request inappropriately, you can petition Superior Court under RSA 91-A:7 within 60 days. For specific personal records like criminal history, contact the State Police Records Bureau; for driving records, contact the DMV at 603-227-4000; for health records from state facilities, contact the Department of Health and Human Services.

Can I remove my address from public property records in New Hampshire?

New Hampshire property records maintained by county registries of deeds and municipal tax assessors are generally public under RSA 91-A and cannot be completely removed, as they serve important public purposes including establishing property ownership and tax obligations. However, certain individuals may qualify for address confidentiality programs. New Hampshire's Address Confidentiality Program, administered by the Attorney General's office under RSA 173-C, provides substitute addresses for victims of domestic violence, sexual assault, stalking, or human trafficking. Participants receive a substitute address for use with government agencies and can request that their actual address be withheld from public records. To apply, contact a victim services agency that can certify your application. The program doesn't remove existing public records but prevents actual addresses from appearing in future government records. For people-search websites displaying property record information, follow each site's individual opt-out process to request removal, though this doesn't affect the underlying public records.

What are my rights if a background check company reports inaccurate information about me?

Under the Fair Credit Reporting Act (FCRA), which applies to background checks in New Hampshire, you have specific dispute rights when consumer reporting agencies provide inaccurate information. First, request a copy of the report from the company that provided it to the employer—employers must provide notice and company contact information if they take adverse action based on a background check. Submit a written dispute to the consumer reporting agency identifying the inaccurate information and providing supporting documentation (court records showing case dismissal, proof of identity if records belong to someone else, etc.). The agency must investigate within 30 days and correct or delete inaccurate information if it cannot verify accuracy. The agency must provide results in writing and notify anyone who received the report in the past six months (two years for employment purposes) of corrections. If the agency doesn't adequately resolve your dispute, you can file a complaint with the Consumer Financial Protection Bureau and the New Hampshire Attorney General's Consumer Protection Bureau (603-271-3641), and you may have grounds for legal action under FCRA provisions allowing recovery of damages for violations.

How long does a company have to notify me of a data breach in New Hampshire?

Under RSA 359-C:20, companies must notify affected New Hampshire residents of data breaches "as soon as possible" and without unreasonable delay. Unlike some states that specify exact timeframes (30, 45, or 60 days), New Hampshire uses a reasonableness standard

Last reviewed: Apr 5, 2026 Updated: Apr 5, 2026