Bill Text: NH HB1662 | 2022 | Regular Session | Amended


Bill Title: Relative to the privacy obligations of the department of health and human services, an appropriation for housing expenses for homeless people and parameters thereof, electronic wage payments, and requiring online marketplaces to disclose certain information to consumers.

Spectrum: Moderate Partisan Bill (Republican 7-1)

Status: (Engrossed - Dead) 2022-05-23 - Conference Committee Report; Not Signed Off; Senate Journal 13 [HB1662 Detail]

Download: New_Hampshire-2022-HB1662-Amended.html

HB 1662-FN - AS AMENDED BY THE SENATE

 

16Feb2022... 0577h

31Mar2022... 1134h

05/05/2022   1969s

05/05/2022   1905s

05/05/2022   1952s

 

2022 SESSION

22-2019

07/05

 

HOUSE BILL 1662-FN

 

AN ACT relative to the privacy obligations of the department of health and human services, an appropriation for housing expenses for homeless people and parameters thereof, electronic wage payments, and requiring online marketplaces to disclose certain information to consumers.

 

SPONSORS: Rep. Edwards, Rock. 4; Rep. M. Pearson, Rock. 34; Rep. Salloway, Straf. 5; Rep. McMahon, Rock. 7; Rep. Nelson, Carr. 5; Rep. Lang, Belk. 4; Sen. Giuda, Dist 2; Sen. Gray, Dist 6

 

COMMITTEE: Health, Human Services and Elderly Affairs

 

-----------------------------------------------------------------

 

AMENDED ANALYSIS

 

This bill:

 

I.  Establishes a data privacy and information technology security governance board within the department of health and human services to oversee data privacy risk calculation and risk mitigation efforts and provides for 2 employees within the department to accomplish these objectives.

 

II.  Provides for an appropriation to the department for the housing expenses for homeless people seeking shelter, distribution of which is based on the Medicaid full enrollment population of each town as of April 4, 2022 as provided in the bill.

 

III.  Amends the provisions related to payment of an employee’s wages by direct deposit.

 

IV.  Requires third-party sellers to provide certain information to online marketplaces and to consumers, and deems the failure to do so a violation of the consumer protection act.

 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Explanation: Matter added to current law appears in bold italics.

Matter removed from current law appears [in brackets and struckthrough.]

Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.

16Feb2022... 0577h

31Mar2022... 1134h

05/05/2022   1969s

05/05/2022   1905s

05/05/2022   1952s 22-2019

07/05

 

STATE OF NEW HAMPSHIRE

 

In the Year of Our Lord Two Thousand Twenty Two

 

AN ACT relative to the privacy obligations of the department of health and human services, an appropriation for housing expenses for homeless people and parameters thereof, electronic wage payments, and requiring online marketplaces to disclose certain information to consumers.

 

Be it Enacted by the Senate and House of Representatives in General Court convened:

 

1  Declaration of Purpose.  New Hampshire voters passed the Right of Privacy into the state constitution in November 2018 with an 81 percent approval.  With that vote, state government culture and behavior needed to be shaped by the words, “An individual's right to live free from governmental intrusion in private or personal information is natural, essential, and inherent”.  The department of health and human services has been subject to the Health Insurance Portability and Accountability Act since 1996 which drove initial efforts to develop a culture and infrastructure to protect personal data privacy.  As a holder of personal information in state government, the department has a responsibility to demonstrate to the public the state’s commitment to actively and overtly respect personal privacy, including privacy of personal information.  Establishing and maturing a culture of privacy is core to successfully driving future efforts to implement and enhance privacy policies, procedures, and practices.  Continuous improvement requires appropriate governance and policy leadership.

2  New Subdivision; Data Privacy and Information Technology Security Governance Board.  Amend RSA 126-A by inserting after section 97 the following new subdivision:

Data Privacy and Information Technology Security Governance Board

126-A:98  Data Privacy and Information Technology Security Governance Board Established.  There is hereby established a data privacy and information technology security governance board to oversee the department's use of data, data privacy, and information technology security that shall be maintained by the department of health and human services.

126-A:99  Membership; Quorum.

I.  The data privacy and information technology security governance board shall consist of the following members:

(a)  The commissioner of the department of health and human services, who shall serve as the governance board chair.

(b)  The department's privacy officer.

(c)  Three directors of the department who have responsibility for one of the following areas: medicaid services, public health, behavioral health, children, youth and families, or long-term support and services.

(d)  The director of the department's bureau of human resource management.

(e)  The director of the department's bureau of information services.

(f)  The department's chief legal officer.

(g)  The commissioner of the department of information technology.

(h)  Up to 2 additional voting members appointed by the commissioner of the department of health and human services, if needed.

II.  A quorum of this board shall consist of the named positions being in attendance with greater than 50 percent present.  Members may delegate authority to represent them for the purposes of maintaining a quorum.  The chair of the board may also delegate authority to another appropriate member of the governance board to serve during a specified meeting.

126-A:100  Duties.  The data privacy and information technology security governance board shall:

I.  Meet at least 3 times a year and post public facing meeting minutes within 2 weeks of the completion of each meeting on the department's web page.

II.  Become educated in what data governance means, how it will work for the organization, and what it means to embrace data governance and activate enterprise data stewards.

III.  Actively promote improved data governance practices across the department.

IV.  Identify and approve of pivotal data governance roles and responsibilities for the department including cross-enterprise domain stewards and coordinators.

V.  Advise, review, and approve the department's data control, governance, and privacy practices in compliance with federal and state law and federal and state information privacy and security policies, with the goal to meet or exceed private market benchmarks for governance, risk management, and compliance.

VI.  Drive strategic and timely implementation of a department-wide privacy policy, related procedures and processes to operationalize policy-derived controls, and effective risk management methodologies, including industry standards such as privacy impact assessments and privacy by design.

VII.  The data privacy and information technology security governance board may solicit information from any person or entity the board deems relevant to its quest.

126-A:101  Risk Management.

I.  For each information technology system that contains personal information, the department shall conduct a written risk assessment and mitigation remediation plan in the form of a privacy impact assessment.

II.  The assessment and plan shall:

(a)  Assess risks to an individual's right to privacy within the department's information technology systems where the individual does not possess immediate control over their information.

(b)  Recommend alternatives to both mitigate the risks and achieve the stated objectives of the department's systems.

(c)  Identify those individuals and offices within the department who shall be directly accountable for the assessment and plan, the system at the time the assessment and plan are compiled, and any approved alternatives and mitigations as a result of the assessment and plan.

III.  Unless otherwise required by law or applicable regulation, no personal information shall be collected prior to the completion of the assessment and plan and any subsequent measures as a result of the assessment and plan, as determined by the governance board for any systems implemented subsequent to March 31, 2023.

IV.  The assessment and plan shall be approved and may be acted upon by the commissioner.  All assessments and plans conducted before the date of the next data privacy and information technology security governance board meeting shall be submitted to the board for review.   

3  Data Privacy and Information Technology Security Governance Board; Specialized Employees Authorized; Appropriation.

I.  The department is hereby authorized to establish 2 full-time, permanent employees to support and conduct the required data privacy and information technology security assessments, as well as manage the implementation of mitigation efforts and other necessary updates.

II.  The qualifications of the 2 employees shall include privacy certifications, information systems expertise, and project management and communications experience.  Certifications may be deferred for up to 2 years post-hiring.

III.  The 2 employees shall be classified, full time employees who shall work on assisting in implementing the objectives of the data privacy and information technology security governance board, conducting the privacy assessment and mitigation plan, and other, related data privacy and information technology security activities in the department of health and human services.  The classification shall be business systems analyst II, labor grade 30, step 5.  The sum of $137,480 in general funds for the fiscal year ending June 30, 2023 is hereby appropriated to the department of health and human services for the purpose of funding 2 business systems analyst II positions for the purpose of implementation of this act.  The governor is authorized to draw a warrant for said amounts out of any money in the treasury not otherwise appropriated.  The department is authorized to accept and expend matching federal funds for the purposes of this section without prior approval of the fiscal committee of the general court.

IV.  The department is authorized to use contract support available from funds prior to July 1, 2023.

4  Housing Expenses for Homeless People; Appropriation.  The sum of $5,000,000 for the fiscal year ending June 30, 2023 is hereby appropriated to the department of health and human services for the purpose of assisting cities and towns with housing expenses for homeless people seeking shelter.  No later than August 1, 2022, the department shall distribute said sum to municipalities based on each municipality’s share of total Medicaid enrollees as of April 3, 2022, as determined by section 5 of this act.  Municipalities shall use said funds to make payments to homeless shelters or overnight lodging providers offering discounted rates to accommodate homeless people in their community.  The governor shall determine if any discretionary funds appropriated in the American Rescue Plan Act of 2021, Public Law 117-2, or any other federal funds, can be used for this purpose, and the department shall expend such federal funds for this purpose.  Any remainder shall be appropriated from the general fund.  The governor is authorized to draw a warrant for the general fund portion of such sum from any money in the treasury not otherwise appropriated.

5  Housing Expenses for Homeless People; Appropriation Distribution Reference.  The sum appropriated in section 4 of this act shall be distributed by the department according to the following table based upon full benefit Medicaid enrollees as of April 4, 2022:

 

Town Children Elderly Adult Expansion Other Total: Distribution

Name: (Under 19): and Disabled: via Granite Non-Disabled Amount:

Advantage: /Non-Elderly

Adults:

Acworth 63 11 43 12 129 2,717

Albany 81 20 77 16 194 4,087

Alexandria 177 30 137 39 383 8,068

Allenstown 491 121 373 97 1,082 22,793

Alstead 174 29 165 38 406 8,553

Alton 382 58 343 73 856 18,032

Amherst 336 62 297 54 749 15,778

Andover 195 21 132 30 378` 7,963

Antrim 292 51 210 53 606 12,766

Ashland 230 61 174 51 516 10,870

Atkinson 146 42 161 32 381 8,026

Auburn 172 39 186 45 442 9,311

Barnstead 429 56 316 83 884 18,622

Barrington 546 106 470 104 1,226 25,826

Bartlett 173 25 169 34 401 8,447

Bath 107 19 87 16 229 4,824

Bedford 638 382 543 128 1,691 35,622

Belmont 804 155 575 183 1,717 36,169

Bennington 161 31 134 26 352 7,415

Benton 21 9 16 2 48 1,011

Berlin 1,254 631 1,085 318 3,288 69,263

Bethlehem 268 68 243 43 622 13,103

Boscawen 347 238 281 65 931 19,612

Bow 300 52 225 57 634 13,355

Bradford 148 24 144 27 343 7,225

Brentwood 130 119 127 24 400 8,426

Bridgewater 39 9 53 7 108 2,275

Bristol 388 94 298 71 851 17,927

Brookfield 41 7 35 9 92 1,938

Brookline 180 28 185 43 436 9,185

Campton 318 55 251 66 690 14,535

Canaan 298 36 245 59 638 13,440

Candia 180 39 158 40 417 8,784

Canterbury 130 28 116 23 297 6,256

Carroll 57 9 72 6 144 3,033

Center Harbor 58 11 77 12 158 3,328

Charlestown 551 127 367 143 1,188 25,026

Chatham 38 2 21 7 68 1,432

Chester 213 32 185 43 473 9,964

Chesterfield 225 20 180 28 453 9,543

Chichester 208 38 129 35 410 8,637

Claremont 1,828 661 1,603 460 4,552 95,890

Clarksville 30 5 25 7 67 1,411

Colebrook 242 111 250 50 653 13,756

Columbia 27 14 31 5 77 1,622

Concord 3,576 1,713 3,856 824 9,969 210,001

Conway 1,016 339 977 187 2,519 53,064

Cornish 51 11 68 8 138 2,907

Croydon 67 11 56 15 149 3,139

Dalton 116 24 88 21 249 5,245

Danbury 128 15 106 23 272 5,730

Danville 221 55 204 46 526 11,080

Deerfield 263 51 171 32 517 10,891

Deering 148 40 155 31 374 7,878

Derry 2,511 650 1,997 568 5,726 120,621

Dorchester 43 6 36 11 96 2,022

Dover 2,070 749 1,906 502 5,227 110,109

Dublin 112 9 89 23 233 4,908

Dummer 32 7 20 2 61 1,285

Dunbarton 96 37 109 18 260 5,477

Durham 135 71 185 18 409 8,616

EastKingston 91 9 98 20 218 4,592

Easton 6 2 9 2 19 400

Eaton 25 2 25 2 54 1,138

Effingham 224 43 172 49 488 10,280

Ellsworth 11 - 10 2 23 485

Enfield 246 44 236 57 583 12,281

Epping 436 95 355 104 990 20,855

Epsom 302 110 227 61 700 14,746

Errol 13 9 22 2 46 969

Exeter 728 238 680 157 1,803 37,981

Farmington 743 201 586 160 1,690 35,601

Fitzwilliam 252 30 177 49 508 10,701

Francestown 89 10 63 10 172 3,623

Franconia 55 46 64 7 172 3,623

Franklin 1,183 421 949 259 2,812 59,236

Freedom 78 16 101 18 213 4,487

Fremont 210 39 190 45 484 10,196

Gilford 434 99 389 92 1,014 21,360

Gilmanton 310 45 243 65 663 13,966

Gilsum 80 13 58 10 161 3,392

Goffstown 737 336 569 151 1,793 37,770

Gorham 221 74 193 39 527 11,101

Goshen 74 14 59 16 163 3,434

Grafton 152 26 136 33 347 7,310

Grantham 88 12 89 19 208 4,382

Greenfield 152 39 102 28 321 6,762

Greenland 142 20 141 32 335 7,057

Greenville 195 41 158 52 446 9,395

Groton 32 5 27 2 66 1,390

Hampstead 273 63 268 54 658 13,861

Hampton 593 233 844 121 1,791 37,728

HamptonFalls 39 18 70 9 136 2,865

Hancock 81 15 90 16 202 4,255

Hanover 93 63 131 20 307 6,467

Harrisville 69 8 62 5 144 3,033

Haverhill 509 183 390 91 1,173 24,710

Hebron 38 6 44 6 94 1,980

Henniker 267 78 239 53 637 13,419

Hill 92 9 84 20 205 4,318

Hillsborough 675 151 494 140 1,460 30,755

Hinsdale 519 101 326 105 1,051 22,140

Holderness 110 16 140 19 285 6,004

Hollis 216 40 198 40 494 10,406

Hooksett 755 248 638 139 1,780 37,496

Hopkinton 254 50 213 41 558 11,754

Hudson 1,315 309 1,103 311 3,038 63,997

Jackson 36 6 50 2 94 1,980

Jaffrey 536 131 354 95 1,116 23,509

Jefferson 98 17 84 15 214 4,508

Keene 1,942 807 2,084 479 5,312 111,899

Kensington 64 7 74 13 158 3,328

Kingston 325 45 295 73 738 15,546

Laconia 2,004 852 2,024 428 5,308 111,815

Lancaster 393 136 330 81 940 19,801

Landaff 31 5 19 2 57 1,201

Langdon 33 5 31 6 75 1,580

Lebanon 768 308 751 180 2,007 42,278

Lee 185 35 208 35 463 9,753

Lempster 111 22 80 19 232 4,887

Lincoln 100 25 131 22 278 5,856

Lisbon 260 44 189 52 545 11,481

Litchfield 358 62 274 66 760 16,010

Littleton 715 238 693 157 1,803 37,981

Londonderry 1,269 199 1,020 247 2,735 57,614

Loudon 399 68 292 72 831 17,505

Lyman 33 5 39 2 79 1,664

Lyme 56 11 43 14 124 2,612

Lyndeborough 104 10 100 18 232 4,887

Madbury 64 15 55 17 151 3,181

Madison 251 45 198 39 533 11,228

Manchester 14,443 4,112 12,702 3,221 34,478 726,293

Marlborough 226 41 191 50 508 10,701

Marlow 70 10 29 15 124 2,612

Mason 56 6 60 7 129 2,717

Meredith 499 152 411 96 1,158 24,394

Merrimack 1,115 254 912 207 2,488 52,411

Middleton 181 31 110 46 368 7,752

Milan 111 34 89 21 255 5,372

Milford 998 274 772 215 2,259 47,587

Milton 443 91 329 93 956 20,139

Monroe 64 6 48 6 124 2,612

MontVernon 88 12 83 16 199 4,192

Moultonborough 317 38 236 44 635 13,377

Nashua 7,787 2,372 6,579 1,775 18,513 389,984

Nelson 47 8 43 14 112 2,359

NewBoston 265 61 206 48 580 12,218

NewCastle 7 2 19 2 30 632

NewDurham 196 14 153 46 409 8,616

NewHampton 190 29 161 19 399 8,405

NewIpswich 522 55 281 67 925 19,485

NewLondon 107 20 117 20 264 5,561

Newbury 99 27 105 12 243 5,119

Newfields 51 8 53 9 121 2,549

Newington 29 5 31 6 71 1,496

Newmarket 529 106 490 117 1,242 26,163

Newport 851 266 679 181 1,977 41,646

Newton 220 42 177 38 477 10,048

NorthHampton 109 32 183 24 348 7,331

Northfield 484 113 364 80 1,041 21,929

Northumberland 296 93 203 63 655 13,798

Northwood 298 63 261 77 699 14,725

Nottingham 236 37 181 36 490 10,322

Orange 24 2 18 2 46 969

Orford 144 9 72 15 240 5,056

Ossipee 652 171 450 124 1,397 29,428

Pelham 464 84 460 95 1,103 23,235

Pembroke 626 101 427 127 1,281 26,985

Peterborough 486 129 406 82 1,103 23,235

Piermont 66 14 42 11 133 2,802

Pittsburg 44 7 57 13 121 2,549

Pittsfield 561 116 362 122 1,161 24,457

Plainfield 79 16 61 15 171 3,602

Plaistow 440 53 351 103 947 19,949

Plymouth 448 121 476 107 1,152 24,267

Portsmouth 891 513 1,335 246 2,985 62,880

Randolph 19 2 21 2 44 927

Raymond 760 163 683 170 1,776 37,412

Richmond 135 11 72 16 234 4,929

Rindge 524 45 230 75 874 18,411

Rochester 3,472 1,084 3,164 801 8,521 179,498

Rollinsford 150 18 149 31 348 7,331

Roxbury 16 - 16 2 34 716

Rumney 180 19 161 22 382 8,047

Rye 102 35 188 24 349 7,352

Salem 1,387 369 1,321 325 3,402 71,665

Salisbury 76 21 68 14 179 3,771

Sanbornton 225 40 185 61 511 10,764

Sandown 318 65 253 59 695 14,640

Sandwich 80 10 75 13 178 3,750

Seabrook 785 215 788 201 1,989 41,899

Sharon 30 2 24 2 58 1,222

Shelburne 24 2 30 2 58 1,222

Somersworth 1,290 314 936 304 2,844 59,910

SouthHampton 28 2 38 8 76 1,601

Springfield 67 6 41 13 127 2,675

Stark 50 14 44 11 119 2,507

Stewartstown 81 65 79 13 238 5,014

Stoddard 102 13 61 12 188 3,960

Strafford 257 30 208 32 527 11,101

Stratford 110 37 108 31 286 6,025

Stratham 169 29 202 35 435 9,163

SugarHill 31 6 35 2 74 1,559

Sullivan 70 8 49 24 151 3,181

Sunapee 173 34 149 36 392 8,258

Surry 47 8 29 6 90 1,896

Sutton 82 7 68 7 164 3,455

Swanzey 643 158 524 118 1,443 30,397

Tamworth 362 84 305 61 812 17,105

Temple 83 20 95 17 215 4,529

Thornton 220 24 187 42 473 9,964

Tilton 467 105 409 100 1,081 22,772

Troy 251 56 184 57 548 11,544

Tuftonboro 167 19 167 29 382 8,047

Unity 47 69 40 5 161 3,392

Wakefield 515 81 352 95 1,043 21,971

Walpole 268 58 187 52 565 11,902

Warner 225 41 193 36 495 10,427

Warren 109 81 73 23 286 6,025

Washington 100 12 78 20 210 4,424

WatervilleValley 5 - 15 2 22 463

Weare 637 75 410 121 1,243 26,184

Webster 129 37 104 28 298 6,277

Wentworth 101 14 72 13 200 4,213

Westmoreland 95 102 91 16 304 6,404

Whitefield 276 91 231 49 647 13,629

Wilmot 88 7 69 9 173 3,644

Wilton 297 37 239 63 636 13,398

Winchester 552 167 439 133 1,291 27,195

Windham 351 114 379 60 904 19,043

Windsor 25 2 21 5 53 1,116

Wolfeboro 427 110 331 69 937 19,738

Woodstock 114 20 120 18 272 5,730

Out of State/

Unknown and

Fully Suppressed

Towns 233 68 186 57 544

Distribution Total: 5,000,000

6  Labor; Weekly Wages; Electronic Payment.  Amend RSA 275:43, I-II to read as follows:

I.  Every employer shall pay all wages due to employees within 8 days after the expiration of the work week if the employee is paid on a weekly basis, or within 15 days after the expiration of the work week if the employee is paid on a biweekly basis, except when permitted to pay wages less frequently as authorized by the commissioner pursuant to paragraph IV or IV-a(a), on regular paydays designated in advance by the employer and at no cost to the employee:

(a)  In lawful money of the United States;

(b)  By electronic fund transfer;

(c)  By direct deposit [with written authorization of the employee] to banks of the employee's choice;

(d)  By a payroll card provided that the employer shall provide to the employee at least one free means to withdraw up to and including the full amount of the employee balance in the employee's payroll card or payroll card account during each pay period at a financial institution or other location convenient to the place of employment.  Should an employee be unable to access their wages due to a technical or processing defect, the employer shall immediately provide the wages to the employee with either a replacement payroll card, a check, a direct deposit, or cash.  In such a situation, the employer shall be liable for late payment of wages whenever the replacement wages are provided after the designated pay day.  Should an employee’s payroll card be lost, stolen, or damaged such that the funds are no longer accessible to the employee, the employer shall provide the employee with a replacement payroll card within 24 hours of being notified.  None of the employer's costs associated with a payroll card or payroll card account shall be passed on to the employee; or

(e)  With checks on a financial institution convenient to the place of employment where suitable arrangements are made for the cashing of such checks by employees for the full amount of the wages due; provided, however, that [if an employer elects to pay employees as specified in subparagraphs (b), (c), or (d), the employer shall offer employees the option of being paid as specified in subparagraph (e), and further provided that] all wages in the nature of health and welfare fund or pension fund contributions required pursuant to a health and welfare fund trust agreement, pension fund trust agreement, collective bargaining agreement, or other agreement adopted for the benefit of employees and agreed to by the employer shall be paid by every such employer within 30 days of the date of demand for such payment, the payment to be made to the administrator or other designated official of the applicable health and welfare or pension trust fund.

II.  If an employer offers its employees the option of receiving wages by a payroll card, the employer shall:

(a)  Provide to the employee written disclosure in plain language of all the employee's wage payment options.  The written disclosure shall state the terms and conditions of the payroll card account option, including, but not limited to, the requirements set forth in this section and a complete itemized list of all known fees that may be deducted from the employee's payroll card account by the employer or card issuer.  The disclosure shall also state whether third parties may assess transaction fees in addition to the fees assessed by the employee's payroll card issuer or issuers.  In no event shall the employer provide payment of wages to a payroll card that has an expiration date, unless the employer agrees to provide a replacement payroll card before the expiration date at no cost to the employee.

(b)  Initiate payment of wages to an employee by electronic fund transfer to a payroll card account only after the employee has [voluntarily consented in writing to that method of payment.  Consent to payment of wages by electronic fund transfer to a payroll card account shall not be a condition of hire or of continued employment.  The written consent signed by the employee shall include the terms and conditions of the payroll card account option] failed to provide bank information to enable direct deposit as specified in subparagraph I(c) within 14 calendar days of the employer's request.  An employer that wishes to offer only electronic wage payment under subparagraphs I(c)-(d) shall advise employees that failure to provide bank information shall result in wage payments via payroll card.

(c)  Provide written notice of any change to any of the terms and conditions of the payroll card or payroll card account, including but not limited to an itemized list of all fees that may have changed[, and obtain written assent from the employee that the employee voluntarily consents to receive wages to a payroll card or payroll card account subject to the changes].  The employer shall be responsible for any increase in fees charged to the employee before the employer provides written notice of such changes to the employee.

(d)  Provide the employee the option to discontinue receipt of wages by a payroll card or payroll card account, and instead to receive wages via direct deposit, at any time, without penalty to the employee.

7  New Chapter; Regulation of Online Marketplaces.  Amend RSA by inserting after chapter 358-S the following new chapter:

CHAPTER 358-T

REGULATION OF ONLINE MARKETPLACES

358-T:1  Definition.  In this chapter:

I.  "Consumer product" means any tangible personal property which is distributed in commerce and which is normally used for personal, family, or household purposes, including any such property intended to be attached to or installed in any real property without regard to whether it is so attached or installed.

II.  "High-volume third-party seller" means a participant in an online marketplace who is a third-party seller and who, in any continuous 12-month period during the previous 24 months, has entered into 200 or more discrete sales or transactions of new or unused consumer products and an aggregate total of $5,000 or more in gross revenues.  For purposes of calculating the number of discrete sales or transactions or the aggregate gross revenues, an online marketplace shall only be required to count sales or transactions made through the online marketplace and for which payment was processed by the online marketplace, either directly or through its payment processor.

III.  "Online marketplace" means any person or entity that operates a consumer-directed electronically based or accessed platform that:  

(a)  Includes features that allow for, facilitate, or enable third-party sellers to engage in the sale, purchase, payment, storage, shipping, or delivery of a consumer product in the United States;

(b)  Is used by one or more third-party sellers for such purposes; and

(c)  Has a contractual or similar relationship with consumers governing their use of the platform to purchase consumer products.

IV.  "Seller" means a person who sells, offers to sell, or contracts to sell a consumer product through an online marketplace’s platform.

V.  "Third-party seller" means any seller, independent of an online marketplace, who sells, offers to sell, or contracts to sell a consumer product in the United States through an online marketplace.  The term "third-party seller" shall not include, with respect to an online marketplace:

(a)  A seller who operates the online marketplace’s platform; or

(b)  A business entity that has:

(1)  Made available to the general public the entity's name, business address, and working contact information;

(2)  An ongoing contractual relationship with the online marketplace to provide the online marketplace with the manufacture, distribution, wholesaling, or fulfillment of shipments of consumer products; and

(3)  Provided to the online marketplace identifying information, as described in RSA 358-T:2, that has been verified in accordance with that section.

VI.  "Verify" means to confirm information provided to an online marketplace pursuant to this chapter, which may include the use of one or more methods that enable the online marketplace to reliably determine that any information and documents provided are valid, correspond to the seller or an individual acting on the seller’s behalf, not misappropriated, and not falsified.

358-T:2  Collection and Verification of Information by Online Marketplaces.  

I.  In general, online marketplaces shall require that any high-volume third-party seller on the online marketplace’s platform provide the online marketplace with the following information no later than 10 days after qualifying as a high-volume third-party seller on the platform:

(a)  A bank account number, or, if the high-volume third-party seller does not have a bank account, the name of the payee for payments issued by the online marketplace to the high-volume third-party seller.  The bank account or payee information required may be provided by the seller in the following ways:

(1)  To the online marketplace; or

(2)  To a payment processor or other third-party contracted by the online marketplace to maintain such information; provided that the online marketplace ensures that it can obtain such information on demand from such payment processor or other third-party.

(b)  Contact information for high-volume third-party sellers as follows:

(1)  If the high-volume third-party seller is an individual, the individual's name; or

(2)  If the high-volume third-party seller is not an individual, one of the following forms of contact information:

(A)  A copy of a valid government-issued identification for an individual acting on behalf of such seller that includes the individual's name; or

(B)  A copy of a valid government-issued record or tax document that includes the business name and physical address of such seller.

(c)  A business tax identification number or, if the high-volume third-party seller does not have a business tax identification number, a taxpayer identification number.

(d)  A current working email address and phone number for the high-volume third-party seller.

II.  An online marketplace shall:

(a)  Periodically, but not less than annually, notify any high-volume third-party seller on such online marketplace’s platform of the requirement to keep any information collected under paragraph I current; and

(b)  Require any high-volume third-party seller on such online marketplace’s platform to, not later than 10 days after receiving the notice under subparagraph (a), electronically certify that:

(1)  The high-volume third-party seller has provided any changes to such information to the online marketplace, if such changes have occurred;

(2)  There have been no changes to the high-volume third-party seller’s information; or

(3)  The high-volume third-party seller has provided any changes to such information to the online marketplace.

III.  In the event that a high-volume third-party seller does not provide the information or certification required, the online marketplace shall, after providing the seller with written or electronic notice and an opportunity to provide such information or certification not later than 10 days after the issuance of such notice, suspend any future sales activity of such seller until such seller provides such information or certification.

IV.  In general, online marketplaces shall:

(a)  Verify the information collected under paragraph I not later than 10 days after such collection; and

(b)  Verify any changes to such information not later than 10 days after being notified of such change by a high-volume third-party seller under paragraph II.  

V.  In the case of a high-volume third-party seller that provides a copy of a valid government-issued tax document, any information contained in such document shall be presumed to be verified as of the date of issuance of such record or document.

VI.  Data collected solely to comply with the requirements of this chapter may not be used for any other purpose unless required by law.

VII.  An online marketplace shall implement and maintain reasonable security procedures and practices, including administrative, physical, and technical safeguards, appropriate to the nature of the data and the purposes for which the data will be used, to protect the data collected to comply with the requirements of this chapter from unauthorized use, disclosure, access, destruction, or modification.

358-T:3  Disclosure of Information by Online Marketplaces to Inform Consumers.

I.  An online marketplace shall:

(a)  Require any high-volume third-party seller with an aggregate total of $20,000 or more in annual gross revenues on such online marketplace, and that uses such online marketplace’s platform, to provide the information described in paragraph II to the online marketplace; and

(b)  Disclose the information described in paragraph II to consumers in a conspicuous manner:

(1)  In the order confirmation message or other document or communication made to a consumer after a purchase is finalized; and

(2)  In the consumer’s account transaction history.

II.  The information described in this paragraph is the following:

(a)  Subject to paragraph III, the identity of the high-volume third-party seller, including:

(1)  The full name of the seller, which may include the seller name or seller’s company name, or the name by which the seller or company operates on the online marketplace;

(2)  The physical address of the seller; and

(3)  Contact information for the seller, to allow for the direct, unhindered communication with high-volume third-party sellers by users of the online marketplace, including:

(A)  A current working phone number;

(B)  A current working email address; or

(C)  Other means of direct electronic messaging, which may be provided to the high-volume third-party seller by the online marketplace.

(b)  Whether the high-volume third party seller used a different seller to supply the consumer product to the consumer upon purchase, and, upon the request of an authenticated purchaser, the information described in subparagraph (a) relating to any such seller that supplied the consumer product to the purchaser, if such seller is different than the high-volume third party seller listed on the product listing prior to purchase.

III.(a)  Subject to subparagraph (b), upon the request of a high-volume third-party seller, an online marketplace may provide for partial disclosure of the identity information required under subparagraph II(a) in the following situations:

(1)  If the high-volume third-party seller certifies to the online marketplace that the seller does not have a business address and only has a residential street address, or has a combined business and residential address, the online marketplace may:

(A)  Disclose only the country and, if applicable, the state in which the high-volume third-party seller resides; and

(B)  Inform consumers that there is no business address available for the seller and that consumer inquiries should be submitted to the seller by phone, email, or other means of electronic messaging provided to such seller by the online marketplace.

(2)  If the high-volume third-party seller certifies to the online marketplace that the seller is a business that has a physical address for product returns, the online marketplace may disclose the seller's physical address for product returns.

(3)  If a high-volume third-party seller certifies to the online marketplace that the seller does not have a phone number other than a personal phone number, the online marketplace shall inform consumers that there is no phone number available for the seller and that consumer inquiries should be submitted to the seller's email address or other means of electronic messaging provided to such seller by the online marketplace.

(b)  If an online marketplace becomes aware that a high volume third-party seller has made a false representation to the online marketplace in order to justify the provision of a partial disclosure under subparagraph (a) or that a high-volume third-party seller who has requested and received a provision for a partial disclosure under subparagraph (a) has not provided responsive answers within a reasonable timeframe to consumer inquiries submitted to the seller by phone, email, or other means of electronic messaging provided to such seller by the online marketplace, the online marketplace shall, after providing the seller with written or electronic notice and an opportunity to respond not later than 10 days after the issuance of such notice, suspend any future sales activity of such seller unless such seller consents to the disclosure of the identity information required under subparagraph II(a).

III.  An online marketplace shall disclose to consumers in a clear and conspicuous manner on the product listing of any high-volume third-party seller, a reporting mechanism that allows for electronic and telephonic reporting of suspicious marketplace activity to the online marketplace.

IV.  If a high-volume third-party seller does not comply with the requirements to provide and disclose information under this subsection, the online marketplace shall, after providing the seller with written or electronic notice and an opportunity to provide or disclose such information not later than 10 days after the issuance of such notice, suspend any future sales activity of such seller until the seller complies with such requirements.

358-T:4  Enforcement.  Any violation of the provisions of this chapter is an unfair or deceptive act or practice within the meaning of RSA 358-A:2.  Any right, remedy, or power given to the attorney general in RSA 358-A may be used to enforce the provisions of this chapter.

358-T:5  Rulemaking.  The attorney general may adopt rules under RSA 541-A relative to the collection and verification of information under this chapter, provided that such regulations are limited to what is necessary to collect and verify such information.

358-T:6  Preemption.  No political subdivision shall establish, mandate, or otherwise require online marketplaces to verify information from high-volume third-party sellers on a one-time or ongoing basis or disclose information to consumers.

8  Contingency.  If the attorney general certifies to the director of the office of legislative services that H.R. 5502 (117th Congress (2021-2022)) or similar federal legislation requiring online marketplaces to verify and disclose certain information has become law prior to January 1, 2023, section 7 of this act shall not take effect.  If H.R. 5502 or similar federal legislation requiring online marketplaces to verify and disclose certain information does not become law, section 7 of this act shall take effect January 1, 2023.

9  Effective Date.  

I.  Sections 3-5 of this act shall take effect July 1, 2022.

II.  Section 7 of this act shall take effect as provided in section 8 of this act.

III.  Section 8 of this act shall take effect upon its passage.

IV.  The remainder of this act shall take effect 60 days after its passage.

 

LBA

22-2019

Amended 4/26/22

 

HB 1662-FN- FISCAL NOTE

AS AMENDED BY THE HOUSE (AMENDMENT #2022-1134h)

 

AN ACT related to privacy obligations of the department of health and human services.

 

FISCAL IMPACT:      [ X ] State              [    ] County               [    ] Local              [    ] None

 

 

Estimated Increase / (Decrease)

STATE:

FY 2022

FY 2023

FY 2024

FY 2025

   Appropriation

$0

$137,480

$0

$0

   Revenue

$0

$0

$0

$0

   Expenditures

$0

$137,000 general funds; $91,000 federal funds

$139,000 general funds; $91,000 federal funds

$146,000 general funds; $96,000 federal funds

Funding Source:

  [ X ] General            [    ] Education            [    ] Highway           [ X ] Other - Federal Funds

 

METHODOLOGY:

This bill establishes a Data Privacy and Information Technology Governance Board within the Department of Health and Human Services to oversee data privacy risk calculation and risk mitigation efforts.  The bill establishes two full-time classified positions (Business Systems Analyst II, Labor Grade 30) for the purposes of implementing mitigation efforts and other necessary updates.  The Department anticipates that in total, these positions will cost $228,000  ($137,000 general funds / $91,000 federal funds) in FY23, $230,000 ($139,000 general funds / $91,000 federal funds) in FY24, and $242,000 ($146,000 general funds, $96,000 federal funds) in FY25.  The bill contains a general fund appropriation of $137,480 in FY23, which is expected to be the exact cost of salary and benefits in that fiscal year.

 

AGENCIES CONTACTED:

Department of Health and Human Services

 

feedback