This RSA section is an unofficial mirror, is not legal advice, and may be incomplete, outdated, or incorrectly processed.
RSA 507-H:3 · Exclusions
507-H:3 Exclusions. –
Copy linkBody, authority, board, bureau, commission, district or agency of this state or of any political subdivision of this state;
Copy linkNational securities association that is registered under 15 U.S.C. section 78o-3 of the Securities Exchange Act of 1934, as amended;
Copy linkFinancial institution or data subject to Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. 6801 et seq.; or,
Copy linkIdentifiable private information for purposes of the federal policy for the protection of human subjects under 45 C.F.R. 46;
Copy linkIdentifiable private information that is otherwise information collected as part of human subjects research pursuant to the good clinical practice guidelines issued by the International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human Use;
Copy linkThe protection of human subjects under 21 C.F.R. Parts 6, 50, and 56, or personal data used or shared in research, as defined in 45 C.F.R. 164.501, that is conducted in accordance with the standards set forth in this chapter, or other research conducted in accordance with applicable law;
Copy linkInformation and documents created for purposes of the Health Care Quality Improvement Act of 1986, 42 U.S.C. 11101 et seq.;
Copy linkPatient safety work product for purposes of the Patient Safety and Quality Improvement Act, 42 U.S.C. 299b-21 et seq., as amended;
Copy linkInformation derived from any of the health care related information listed in this subsection that is de-identified in accordance with the requirements for de-identification pursuant to HIPAA;
Copy linkInformation originating from and intermingled to be indistinguishable with, or information treated in the same manner as, information exempt under this section that is maintained by a covered entity or business associate, program or qualified service organization, as specified in 42 U.S.C. 290dd-2, as amended;
Copy linkInformation used for public health activities and purposes as authorized by HIPAA, community health activities and population health activities;
Copy linkThe collection, maintenance, disclosure, sale, communication or use of any personal information bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living by a consumer reporting agency, furnisher or user that provides information for use in a consumer report, and by a user of a consumer report, but only to the extent that such activity is regulated by and authorized under the Fair Credit Reporting Act, 15 U.S.C. 1681 et seq.;
Copy linkPersonal data collected, processed, sold or disclosed in compliance with the Driver's Privacy Protection Act of 1994, 18 U.S.C. 2721 et seq., as amended;
Copy linkPersonal data regulated by the Family Educational Rights and Privacy Act, 20 U.S.C. 1232g et seq., as amended;
Copy linkPersonal data collected, processed, sold or disclosed in compliance with the Farm Credit Act, 12 U.S.C. 2001 et seq., as amended;
Copy linkData processed or maintained in the course of an individual applying to, employed by or acting as an agent or independent contractor of a controller, processor or third party, to the extent that the data is collected and used within the context of that role; as the emergency contact information of an individual under this chapter used for emergency contact purposes; or, that is necessary to retain to administer benefits for another individual relating to the individual who is the subject of the information under HIPPA and used for the purposes of administering such benefits;
Copy linkPersonal data collected, processed, sold or disclosed in relation to price, route or service, as such terms are used in the Airline Deregulation Act, 49 U.S.C. 40101 et seq., as amended, by an air carrier subject to the act, to the extent this chapter is preempted by the Airline Deregulation Act, 49 U.S.C. 41713, as amended;
Copy linkPersonal information maintained or used for purposes of compliance with the regulation of listed chemicals under the federal Controlled Substances Act, 21 U.S.C. section 830; and
Copy linkInformation included in a limited data set as described at 45 C.F.R. 164.514(e), to the extent that the information is used, disclosed, and maintained in the manner specified at 45 C.F.R. 164.514(e).
Copy linkControllers and processors that comply with the verifiable parental consent requirements of COPPA shall be compliant with any obligation to obtain parental consent pursuant to this chapter. Source. 2024, 5:1, eff. Jan. 1, 2025.
Copy linkSource note
Source. 2024, 5:1, eff. Jan. 1, 2025.
Source history
- 2024, 5:1, eff. Jan. 1, 2025
Related materials
Bill relationships
-
2026 HB1436
amend
information they share subject to appropriate controls, so that it is legally and constitutionally their information. 3 New Subdivision; Privacy and Consumer Protection. Amend RSA 507-H by inserting after section 12 the following new subdivision: Privacy and Consumer Protection 507-H:13 Property Treatment of Personal Information. I. One who takes possession of and places the unpublished personal
-
2026 HB1436-FN
amend
information they share subject to appropriate controls, so that it is legally and constitutionally their information. 3 New Subdivision; Privacy and Consumer Protection. Amend RSA 507-H by inserting after section 12 the following new subdivision: Privacy and Consumer Protection 507-H:13 Property Treatment of Personal Information. I. One who takes possession of and places the unpublished personal
-
2026 HB1460
reference
0 $0 Funding Source(s) None *Expenditure = Cost of bill *Appropriation = Authorized funding to cover cost of bill METHODOLOGY: This bill amends RSA 507-H (New Hampshire’s Data Privacy Law) to prohibit covered entities from selling the location or other sensitive data regarding children. The Department of Justice (DOJ) states this bill will result in an indeterminable
-
2026 HB1460-FN
reference · effective 2027-01-01
0 $0 Funding Source(s) None *Expenditure = Cost of bill *Appropriation = Authorized funding to cover cost of bill METHODOLOGY: This bill amends RSA 507-H (New Hampshire’s Data Privacy Law) to prohibit covered entities from selling the location or other sensitive data regarding children. The Department of Justice (DOJ) states this bill will result in an indeterminable
-
2026 HB1694
amend · effective 2027-01-01
such personal data has been deleted and/or that the consumer has been opted out of any future collection or processing. 3 New Subdivision; Registration of Data Brokers. Amend RSA 507-H by inserting after section 12 the following new subdivision: Registration of Data Brokers 507-H:13 Definitions. In this subdivision: I. "Data broker" means a controller or processor that knowingly collects, agg
-
2026 HB1694-FN
amend · effective 2027-01-01
such personal data has been deleted and/or that the consumer has been opted out of any future collection or processing. 3 New Subdivision; Registration of Data Brokers. Amend RSA 507-H by inserting after section 12 the following new subdivision: Registration of Data Brokers 507-H:13 Definitions. In this subdivision: I. "Data broker" means a controller or processor that knowingly collects, agg
-
2025 HB2
reference
deral laws, and shall not track or compile information without the credential holder’s actual consent. The division shall only compile and/or disclose information regarding use of the credential as required by RSA 507-H and other applicable state or federal laws. 263-A:6 Rulemaking. The commissioner of the department of safety shall adopt administrative rules under 541-A that are necessary for the management and operation of