Bill Text: NH HB1662 | 2022 | Regular Session | Amended
Bill Title: Relative to the privacy obligations of the department of health and human services, an appropriation for housing expenses for homeless people and parameters thereof, electronic wage payments, and requiring online marketplaces to disclose certain information to consumers.
Spectrum: Moderate Partisan Bill (Republican 7-1)
Status: (Engrossed - Dead) 2022-05-23 - Conference Committee Report; Not Signed Off; Senate Journal 13 [HB1662 Detail]
Download: New_Hampshire-2022-HB1662-Amended.html
HB 1662-FN - AS AMENDED BY THE SENATE
16Feb2022... 0577h
31Mar2022... 1134h
05/05/2022 1969s
05/05/2022 1905s
05/05/2022 1952s
2022 SESSION
22-2019
07/05
HOUSE BILL 1662-FN
SPONSORS: Rep. Edwards, Rock. 4; Rep. M. Pearson, Rock. 34; Rep. Salloway, Straf. 5; Rep. McMahon, Rock. 7; Rep. Nelson, Carr. 5; Rep. Lang, Belk. 4; Sen. Giuda, Dist 2; Sen. Gray, Dist 6
COMMITTEE: Health, Human Services and Elderly Affairs
-----------------------------------------------------------------
AMENDED ANALYSIS
This bill:
I. Establishes a data privacy and information technology security governance board within the department of health and human services to oversee data privacy risk calculation and risk mitigation efforts and provides for 2 employees within the department to accomplish these objectives.
II. Provides for an appropriation to the department for the housing expenses for homeless people seeking shelter, distribution of which is based on the Medicaid full enrollment population of each town as of April 4, 2022 as provided in the bill.
III. Amends the provisions related to payment of an employee’s wages by direct deposit.
IV. Requires third-party sellers to provide certain information to online marketplaces and to consumers, and deems the failure to do so a violation of the consumer protection act.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Explanation: Matter added to current law appears in bold italics.
Matter removed from current law appears [in brackets and struckthrough.]
Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.
16Feb2022... 0577h
31Mar2022... 1134h
05/05/2022 1969s
05/05/2022 1905s
05/05/2022 1952s 22-2019
07/05
STATE OF NEW HAMPSHIRE
In the Year of Our Lord Two Thousand Twenty Two
Be it Enacted by the Senate and House of Representatives in General Court convened:
1 Declaration of Purpose. New Hampshire voters passed the Right of Privacy into the state constitution in November 2018 with an 81 percent approval. With that vote, state government culture and behavior needed to be shaped by the words, “An individual's right to live free from governmental intrusion in private or personal information is natural, essential, and inherent”. The department of health and human services has been subject to the Health Insurance Portability and Accountability Act since 1996 which drove initial efforts to develop a culture and infrastructure to protect personal data privacy. As a holder of personal information in state government, the department has a responsibility to demonstrate to the public the state’s commitment to actively and overtly respect personal privacy, including privacy of personal information. Establishing and maturing a culture of privacy is core to successfully driving future efforts to implement and enhance privacy policies, procedures, and practices. Continuous improvement requires appropriate governance and policy leadership.
2 New Subdivision; Data Privacy and Information Technology Security Governance Board. Amend RSA 126-A by inserting after section 97 the following new subdivision:
Data Privacy and Information Technology Security Governance Board
126-A:98 Data Privacy and Information Technology Security Governance Board Established. There is hereby established a data privacy and information technology security governance board to oversee the department's use of data, data privacy, and information technology security that shall be maintained by the department of health and human services.
126-A:99 Membership; Quorum.
I. The data privacy and information technology security governance board shall consist of the following members:
(a) The commissioner of the department of health and human services, who shall serve as the governance board chair.
(b) The department's privacy officer.
(c) Three directors of the department who have responsibility for one of the following areas: medicaid services, public health, behavioral health, children, youth and families, or long-term support and services.
(d) The director of the department's bureau of human resource management.
(e) The director of the department's bureau of information services.
(f) The department's chief legal officer.
(g) The commissioner of the department of information technology.
(h) Up to 2 additional voting members appointed by the commissioner of the department of health and human services, if needed.
II. A quorum of this board shall consist of the named positions being in attendance with greater than 50 percent present. Members may delegate authority to represent them for the purposes of maintaining a quorum. The chair of the board may also delegate authority to another appropriate member of the governance board to serve during a specified meeting.
126-A:100 Duties. The data privacy and information technology security governance board shall:
I. Meet at least 3 times a year and post public facing meeting minutes within 2 weeks of the completion of each meeting on the department's web page.
II. Become educated in what data governance means, how it will work for the organization, and what it means to embrace data governance and activate enterprise data stewards.
III. Actively promote improved data governance practices across the department.
IV. Identify and approve of pivotal data governance roles and responsibilities for the department including cross-enterprise domain stewards and coordinators.
V. Advise, review, and approve the department's data control, governance, and privacy practices in compliance with federal and state law and federal and state information privacy and security policies, with the goal to meet or exceed private market benchmarks for governance, risk management, and compliance.
VI. Drive strategic and timely implementation of a department-wide privacy policy, related procedures and processes to operationalize policy-derived controls, and effective risk management methodologies, including industry standards such as privacy impact assessments and privacy by design.
VII. The data privacy and information technology security governance board may solicit information from any person or entity the board deems relevant to its quest.
126-A:101 Risk Management.
I. For each information technology system that contains personal information, the department shall conduct a written risk assessment and mitigation remediation plan in the form of a privacy impact assessment.
II. The assessment and plan shall:
(a) Assess risks to an individual's right to privacy within the department's information technology systems where the individual does not possess immediate control over their information.
(b) Recommend alternatives to both mitigate the risks and achieve the stated objectives of the department's systems.
(c) Identify those individuals and offices within the department who shall be directly accountable for the assessment and plan, the system at the time the assessment and plan are compiled, and any approved alternatives and mitigations as a result of the assessment and plan.
III. Unless otherwise required by law or applicable regulation, no personal information shall be collected prior to the completion of the assessment and plan and any subsequent measures as a result of the assessment and plan, as determined by the governance board for any systems implemented subsequent to March 31, 2023.
IV. The assessment and plan shall be approved and may be acted upon by the commissioner. All assessments and plans conducted before the date of the next data privacy and information technology security governance board meeting shall be submitted to the board for review.
3 Data Privacy and Information Technology Security Governance Board; Specialized Employees Authorized; Appropriation.
I. The department is hereby authorized to establish 2 full-time, permanent employees to support and conduct the required data privacy and information technology security assessments, as well as manage the implementation of mitigation efforts and other necessary updates.
II. The qualifications of the 2 employees shall include privacy certifications, information systems expertise, and project management and communications experience. Certifications may be deferred for up to 2 years post-hiring.
III. The 2 employees shall be classified, full time employees who shall work on assisting in implementing the objectives of the data privacy and information technology security governance board, conducting the privacy assessment and mitigation plan, and other, related data privacy and information technology security activities in the department of health and human services. The classification shall be business systems analyst II, labor grade 30, step 5. The sum of $137,480 in general funds for the fiscal year ending June 30, 2023 is hereby appropriated to the department of health and human services for the purpose of funding 2 business systems analyst II positions for the purpose of implementation of this act. The governor is authorized to draw a warrant for said amounts out of any money in the treasury not otherwise appropriated. The department is authorized to accept and expend matching federal funds for the purposes of this section without prior approval of the fiscal committee of the general court.
IV. The department is authorized to use contract support available from funds prior to July 1, 2023.
4 Housing Expenses for Homeless People; Appropriation. The sum of $5,000,000 for the fiscal year ending June 30, 2023 is hereby appropriated to the department of health and human services for the purpose of assisting cities and towns with housing expenses for homeless people seeking shelter. No later than August 1, 2022, the department shall distribute said sum to municipalities based on each municipality’s share of total Medicaid enrollees as of April 3, 2022, as determined by section 5 of this act. Municipalities shall use said funds to make payments to homeless shelters or overnight lodging providers offering discounted rates to accommodate homeless people in their community. The governor shall determine if any discretionary funds appropriated in the American Rescue Plan Act of 2021, Public Law 117-2, or any other federal funds, can be used for this purpose, and the department shall expend such federal funds for this purpose. Any remainder shall be appropriated from the general fund. The governor is authorized to draw a warrant for the general fund portion of such sum from any money in the treasury not otherwise appropriated.
5 Housing Expenses for Homeless People; Appropriation Distribution Reference. The sum appropriated in section 4 of this act shall be distributed by the department according to the following table based upon full benefit Medicaid enrollees as of April 4, 2022:
Town Children Elderly Adult Expansion Other Total: Distribution
Name: (Under 19): and Disabled: via Granite Non-Disabled Amount:
Advantage: /Non-Elderly
Adults:
Acworth 63 11 43 12 129 2,717
Albany 81 20 77 16 194 4,087
Alexandria 177 30 137 39 383 8,068
Allenstown 491 121 373 97 1,082 22,793
Alstead 174 29 165 38 406 8,553
Alton 382 58 343 73 856 18,032
Amherst 336 62 297 54 749 15,778
Andover 195 21 132 30 378` 7,963
Antrim 292 51 210 53 606 12,766
Ashland 230 61 174 51 516 10,870
Atkinson 146 42 161 32 381 8,026
Auburn 172 39 186 45 442 9,311
Barnstead 429 56 316 83 884 18,622
Barrington 546 106 470 104 1,226 25,826
Bartlett 173 25 169 34 401 8,447
Bath 107 19 87 16 229 4,824
Bedford 638 382 543 128 1,691 35,622
Belmont 804 155 575 183 1,717 36,169
Bennington 161 31 134 26 352 7,415
Benton 21 9 16 2 48 1,011
Berlin 1,254 631 1,085 318 3,288 69,263
Bethlehem 268 68 243 43 622 13,103
Boscawen 347 238 281 65 931 19,612
Bow 300 52 225 57 634 13,355
Bradford 148 24 144 27 343 7,225
Brentwood 130 119 127 24 400 8,426
Bridgewater 39 9 53 7 108 2,275
Bristol 388 94 298 71 851 17,927
Brookfield 41 7 35 9 92 1,938
Brookline 180 28 185 43 436 9,185
Campton 318 55 251 66 690 14,535
Canaan 298 36 245 59 638 13,440
Candia 180 39 158 40 417 8,784
Canterbury 130 28 116 23 297 6,256
Carroll 57 9 72 6 144 3,033
Center Harbor 58 11 77 12 158 3,328
Charlestown 551 127 367 143 1,188 25,026
Chatham 38 2 21 7 68 1,432
Chester 213 32 185 43 473 9,964
Chesterfield 225 20 180 28 453 9,543
Chichester 208 38 129 35 410 8,637
Claremont 1,828 661 1,603 460 4,552 95,890
Clarksville 30 5 25 7 67 1,411
Colebrook 242 111 250 50 653 13,756
Columbia 27 14 31 5 77 1,622
Concord 3,576 1,713 3,856 824 9,969 210,001
Conway 1,016 339 977 187 2,519 53,064
Cornish 51 11 68 8 138 2,907
Croydon 67 11 56 15 149 3,139
Dalton 116 24 88 21 249 5,245
Danbury 128 15 106 23 272 5,730
Danville 221 55 204 46 526 11,080
Deerfield 263 51 171 32 517 10,891
Deering 148 40 155 31 374 7,878
Derry 2,511 650 1,997 568 5,726 120,621
Dorchester 43 6 36 11 96 2,022
Dover 2,070 749 1,906 502 5,227 110,109
Dublin 112 9 89 23 233 4,908
Dummer 32 7 20 2 61 1,285
Dunbarton 96 37 109 18 260 5,477
Durham 135 71 185 18 409 8,616
EastKingston 91 9 98 20 218 4,592
Easton 6 2 9 2 19 400
Eaton 25 2 25 2 54 1,138
Effingham 224 43 172 49 488 10,280
Ellsworth 11 - 10 2 23 485
Enfield 246 44 236 57 583 12,281
Epping 436 95 355 104 990 20,855
Epsom 302 110 227 61 700 14,746
Errol 13 9 22 2 46 969
Exeter 728 238 680 157 1,803 37,981
Farmington 743 201 586 160 1,690 35,601
Fitzwilliam 252 30 177 49 508 10,701
Francestown 89 10 63 10 172 3,623
Franconia 55 46 64 7 172 3,623
Franklin 1,183 421 949 259 2,812 59,236
Freedom 78 16 101 18 213 4,487
Fremont 210 39 190 45 484 10,196
Gilford 434 99 389 92 1,014 21,360
Gilmanton 310 45 243 65 663 13,966
Gilsum 80 13 58 10 161 3,392
Goffstown 737 336 569 151 1,793 37,770
Gorham 221 74 193 39 527 11,101
Goshen 74 14 59 16 163 3,434
Grafton 152 26 136 33 347 7,310
Grantham 88 12 89 19 208 4,382
Greenfield 152 39 102 28 321 6,762
Greenland 142 20 141 32 335 7,057
Greenville 195 41 158 52 446 9,395
Groton 32 5 27 2 66 1,390
Hampstead 273 63 268 54 658 13,861
Hampton 593 233 844 121 1,791 37,728
HamptonFalls 39 18 70 9 136 2,865
Hancock 81 15 90 16 202 4,255
Hanover 93 63 131 20 307 6,467
Harrisville 69 8 62 5 144 3,033
Haverhill 509 183 390 91 1,173 24,710
Hebron 38 6 44 6 94 1,980
Henniker 267 78 239 53 637 13,419
Hill 92 9 84 20 205 4,318
Hillsborough 675 151 494 140 1,460 30,755
Hinsdale 519 101 326 105 1,051 22,140
Holderness 110 16 140 19 285 6,004
Hollis 216 40 198 40 494 10,406
Hooksett 755 248 638 139 1,780 37,496
Hopkinton 254 50 213 41 558 11,754
Hudson 1,315 309 1,103 311 3,038 63,997
Jackson 36 6 50 2 94 1,980
Jaffrey 536 131 354 95 1,116 23,509
Jefferson 98 17 84 15 214 4,508
Keene 1,942 807 2,084 479 5,312 111,899
Kensington 64 7 74 13 158 3,328
Kingston 325 45 295 73 738 15,546
Laconia 2,004 852 2,024 428 5,308 111,815
Lancaster 393 136 330 81 940 19,801
Landaff 31 5 19 2 57 1,201
Langdon 33 5 31 6 75 1,580
Lebanon 768 308 751 180 2,007 42,278
Lee 185 35 208 35 463 9,753
Lempster 111 22 80 19 232 4,887
Lincoln 100 25 131 22 278 5,856
Lisbon 260 44 189 52 545 11,481
Litchfield 358 62 274 66 760 16,010
Littleton 715 238 693 157 1,803 37,981
Londonderry 1,269 199 1,020 247 2,735 57,614
Loudon 399 68 292 72 831 17,505
Lyman 33 5 39 2 79 1,664
Lyme 56 11 43 14 124 2,612
Lyndeborough 104 10 100 18 232 4,887
Madbury 64 15 55 17 151 3,181
Madison 251 45 198 39 533 11,228
Manchester 14,443 4,112 12,702 3,221 34,478 726,293
Marlborough 226 41 191 50 508 10,701
Marlow 70 10 29 15 124 2,612
Mason 56 6 60 7 129 2,717
Meredith 499 152 411 96 1,158 24,394
Merrimack 1,115 254 912 207 2,488 52,411
Middleton 181 31 110 46 368 7,752
Milan 111 34 89 21 255 5,372
Milford 998 274 772 215 2,259 47,587
Milton 443 91 329 93 956 20,139
Monroe 64 6 48 6 124 2,612
MontVernon 88 12 83 16 199 4,192
Moultonborough 317 38 236 44 635 13,377
Nashua 7,787 2,372 6,579 1,775 18,513 389,984
Nelson 47 8 43 14 112 2,359
NewBoston 265 61 206 48 580 12,218
NewCastle 7 2 19 2 30 632
NewDurham 196 14 153 46 409 8,616
NewHampton 190 29 161 19 399 8,405
NewIpswich 522 55 281 67 925 19,485
NewLondon 107 20 117 20 264 5,561
Newbury 99 27 105 12 243 5,119
Newfields 51 8 53 9 121 2,549
Newington 29 5 31 6 71 1,496
Newmarket 529 106 490 117 1,242 26,163
Newport 851 266 679 181 1,977 41,646
Newton 220 42 177 38 477 10,048
NorthHampton 109 32 183 24 348 7,331
Northfield 484 113 364 80 1,041 21,929
Northumberland 296 93 203 63 655 13,798
Northwood 298 63 261 77 699 14,725
Nottingham 236 37 181 36 490 10,322
Orange 24 2 18 2 46 969
Orford 144 9 72 15 240 5,056
Ossipee 652 171 450 124 1,397 29,428
Pelham 464 84 460 95 1,103 23,235
Pembroke 626 101 427 127 1,281 26,985
Peterborough 486 129 406 82 1,103 23,235
Piermont 66 14 42 11 133 2,802
Pittsburg 44 7 57 13 121 2,549
Pittsfield 561 116 362 122 1,161 24,457
Plainfield 79 16 61 15 171 3,602
Plaistow 440 53 351 103 947 19,949
Plymouth 448 121 476 107 1,152 24,267
Portsmouth 891 513 1,335 246 2,985 62,880
Randolph 19 2 21 2 44 927
Raymond 760 163 683 170 1,776 37,412
Richmond 135 11 72 16 234 4,929
Rindge 524 45 230 75 874 18,411
Rochester 3,472 1,084 3,164 801 8,521 179,498
Rollinsford 150 18 149 31 348 7,331
Roxbury 16 - 16 2 34 716
Rumney 180 19 161 22 382 8,047
Rye 102 35 188 24 349 7,352
Salem 1,387 369 1,321 325 3,402 71,665
Salisbury 76 21 68 14 179 3,771
Sanbornton 225 40 185 61 511 10,764
Sandown 318 65 253 59 695 14,640
Sandwich 80 10 75 13 178 3,750
Seabrook 785 215 788 201 1,989 41,899
Sharon 30 2 24 2 58 1,222
Shelburne 24 2 30 2 58 1,222
Somersworth 1,290 314 936 304 2,844 59,910
SouthHampton 28 2 38 8 76 1,601
Springfield 67 6 41 13 127 2,675
Stark 50 14 44 11 119 2,507
Stewartstown 81 65 79 13 238 5,014
Stoddard 102 13 61 12 188 3,960
Strafford 257 30 208 32 527 11,101
Stratford 110 37 108 31 286 6,025
Stratham 169 29 202 35 435 9,163
SugarHill 31 6 35 2 74 1,559
Sullivan 70 8 49 24 151 3,181
Sunapee 173 34 149 36 392 8,258
Surry 47 8 29 6 90 1,896
Sutton 82 7 68 7 164 3,455
Swanzey 643 158 524 118 1,443 30,397
Tamworth 362 84 305 61 812 17,105
Temple 83 20 95 17 215 4,529
Thornton 220 24 187 42 473 9,964
Tilton 467 105 409 100 1,081 22,772
Troy 251 56 184 57 548 11,544
Tuftonboro 167 19 167 29 382 8,047
Unity 47 69 40 5 161 3,392
Wakefield 515 81 352 95 1,043 21,971
Walpole 268 58 187 52 565 11,902
Warner 225 41 193 36 495 10,427
Warren 109 81 73 23 286 6,025
Washington 100 12 78 20 210 4,424
WatervilleValley 5 - 15 2 22 463
Weare 637 75 410 121 1,243 26,184
Webster 129 37 104 28 298 6,277
Wentworth 101 14 72 13 200 4,213
Westmoreland 95 102 91 16 304 6,404
Whitefield 276 91 231 49 647 13,629
Wilmot 88 7 69 9 173 3,644
Wilton 297 37 239 63 636 13,398
Winchester 552 167 439 133 1,291 27,195
Windham 351 114 379 60 904 19,043
Windsor 25 2 21 5 53 1,116
Wolfeboro 427 110 331 69 937 19,738
Woodstock 114 20 120 18 272 5,730
Out of State/
Unknown and
Fully Suppressed
Towns 233 68 186 57 544
Distribution Total: 5,000,000
6 Labor; Weekly Wages; Electronic Payment. Amend RSA 275:43, I-II to read as follows:
I. Every employer shall pay all wages due to employees within 8 days after the expiration of the work week if the employee is paid on a weekly basis, or within 15 days after the expiration of the work week if the employee is paid on a biweekly basis, except when permitted to pay wages less frequently as authorized by the commissioner pursuant to paragraph IV or IV-a(a), on regular paydays designated in advance by the employer and at no cost to the employee:
(a) In lawful money of the United States;
(b) By electronic fund transfer;
(c) By direct deposit [with written authorization of the employee] to banks of the employee's choice;
(d) By a payroll card provided that the employer shall provide to the employee at least one free means to withdraw up to and including the full amount of the employee balance in the employee's payroll card or payroll card account during each pay period at a financial institution or other location convenient to the place of employment. Should an employee be unable to access their wages due to a technical or processing defect, the employer shall immediately provide the wages to the employee with either a replacement payroll card, a check, a direct deposit, or cash. In such a situation, the employer shall be liable for late payment of wages whenever the replacement wages are provided after the designated pay day. Should an employee’s payroll card be lost, stolen, or damaged such that the funds are no longer accessible to the employee, the employer shall provide the employee with a replacement payroll card within 24 hours of being notified. None of the employer's costs associated with a payroll card or payroll card account shall be passed on to the employee; or
(e) With checks on a financial institution convenient to the place of employment where suitable arrangements are made for the cashing of such checks by employees for the full amount of the wages due; provided, however, that [if an employer elects to pay employees as specified in subparagraphs (b), (c), or (d), the employer shall offer employees the option of being paid as specified in subparagraph (e), and further provided that] all wages in the nature of health and welfare fund or pension fund contributions required pursuant to a health and welfare fund trust agreement, pension fund trust agreement, collective bargaining agreement, or other agreement adopted for the benefit of employees and agreed to by the employer shall be paid by every such employer within 30 days of the date of demand for such payment, the payment to be made to the administrator or other designated official of the applicable health and welfare or pension trust fund.
II. If an employer offers its employees the option of receiving wages by a payroll card, the employer shall:
(a) Provide to the employee written disclosure in plain language of all the employee's wage payment options. The written disclosure shall state the terms and conditions of the payroll card account option, including, but not limited to, the requirements set forth in this section and a complete itemized list of all known fees that may be deducted from the employee's payroll card account by the employer or card issuer. The disclosure shall also state whether third parties may assess transaction fees in addition to the fees assessed by the employee's payroll card issuer or issuers. In no event shall the employer provide payment of wages to a payroll card that has an expiration date, unless the employer agrees to provide a replacement payroll card before the expiration date at no cost to the employee.
(b) Initiate payment of wages to an employee by electronic fund transfer to a payroll card account only after the employee has [voluntarily consented in writing to that method of payment. Consent to payment of wages by electronic fund transfer to a payroll card account shall not be a condition of hire or of continued employment. The written consent signed by the employee shall include the terms and conditions of the payroll card account option] failed to provide bank information to enable direct deposit as specified in subparagraph I(c) within 14 calendar days of the employer's request. An employer that wishes to offer only electronic wage payment under subparagraphs I(c)-(d) shall advise employees that failure to provide bank information shall result in wage payments via payroll card.
(c) Provide written notice of any change to any of the terms and conditions of the payroll card or payroll card account, including but not limited to an itemized list of all fees that may have changed[, and obtain written assent from the employee that the employee voluntarily consents to receive wages to a payroll card or payroll card account subject to the changes]. The employer shall be responsible for any increase in fees charged to the employee before the employer provides written notice of such changes to the employee.
(d) Provide the employee the option to discontinue receipt of wages by a payroll card or payroll card account, and instead to receive wages via direct deposit, at any time, without penalty to the employee.
7 New Chapter; Regulation of Online Marketplaces. Amend RSA by inserting after chapter 358-S the following new chapter:
CHAPTER 358-T
REGULATION OF ONLINE MARKETPLACES
358-T:1 Definition. In this chapter:
I. "Consumer product" means any tangible personal property which is distributed in commerce and which is normally used for personal, family, or household purposes, including any such property intended to be attached to or installed in any real property without regard to whether it is so attached or installed.
II. "High-volume third-party seller" means a participant in an online marketplace who is a third-party seller and who, in any continuous 12-month period during the previous 24 months, has entered into 200 or more discrete sales or transactions of new or unused consumer products and an aggregate total of $5,000 or more in gross revenues. For purposes of calculating the number of discrete sales or transactions or the aggregate gross revenues, an online marketplace shall only be required to count sales or transactions made through the online marketplace and for which payment was processed by the online marketplace, either directly or through its payment processor.
III. "Online marketplace" means any person or entity that operates a consumer-directed electronically based or accessed platform that:
(a) Includes features that allow for, facilitate, or enable third-party sellers to engage in the sale, purchase, payment, storage, shipping, or delivery of a consumer product in the United States;
(b) Is used by one or more third-party sellers for such purposes; and
(c) Has a contractual or similar relationship with consumers governing their use of the platform to purchase consumer products.
IV. "Seller" means a person who sells, offers to sell, or contracts to sell a consumer product through an online marketplace’s platform.
V. "Third-party seller" means any seller, independent of an online marketplace, who sells, offers to sell, or contracts to sell a consumer product in the United States through an online marketplace. The term "third-party seller" shall not include, with respect to an online marketplace:
(a) A seller who operates the online marketplace’s platform; or
(b) A business entity that has:
(1) Made available to the general public the entity's name, business address, and working contact information;
(2) An ongoing contractual relationship with the online marketplace to provide the online marketplace with the manufacture, distribution, wholesaling, or fulfillment of shipments of consumer products; and
(3) Provided to the online marketplace identifying information, as described in RSA 358-T:2, that has been verified in accordance with that section.
VI. "Verify" means to confirm information provided to an online marketplace pursuant to this chapter, which may include the use of one or more methods that enable the online marketplace to reliably determine that any information and documents provided are valid, correspond to the seller or an individual acting on the seller’s behalf, not misappropriated, and not falsified.
358-T:2 Collection and Verification of Information by Online Marketplaces.
I. In general, online marketplaces shall require that any high-volume third-party seller on the online marketplace’s platform provide the online marketplace with the following information no later than 10 days after qualifying as a high-volume third-party seller on the platform:
(a) A bank account number, or, if the high-volume third-party seller does not have a bank account, the name of the payee for payments issued by the online marketplace to the high-volume third-party seller. The bank account or payee information required may be provided by the seller in the following ways:
(1) To the online marketplace; or
(2) To a payment processor or other third-party contracted by the online marketplace to maintain such information; provided that the online marketplace ensures that it can obtain such information on demand from such payment processor or other third-party.
(b) Contact information for high-volume third-party sellers as follows:
(1) If the high-volume third-party seller is an individual, the individual's name; or
(2) If the high-volume third-party seller is not an individual, one of the following forms of contact information:
(A) A copy of a valid government-issued identification for an individual acting on behalf of such seller that includes the individual's name; or
(B) A copy of a valid government-issued record or tax document that includes the business name and physical address of such seller.
(c) A business tax identification number or, if the high-volume third-party seller does not have a business tax identification number, a taxpayer identification number.
(d) A current working email address and phone number for the high-volume third-party seller.
II. An online marketplace shall:
(a) Periodically, but not less than annually, notify any high-volume third-party seller on such online marketplace’s platform of the requirement to keep any information collected under paragraph I current; and
(b) Require any high-volume third-party seller on such online marketplace’s platform to, not later than 10 days after receiving the notice under subparagraph (a), electronically certify that:
(1) The high-volume third-party seller has provided any changes to such information to the online marketplace, if such changes have occurred;
(2) There have been no changes to the high-volume third-party seller’s information; or
(3) The high-volume third-party seller has provided any changes to such information to the online marketplace.
III. In the event that a high-volume third-party seller does not provide the information or certification required, the online marketplace shall, after providing the seller with written or electronic notice and an opportunity to provide such information or certification not later than 10 days after the issuance of such notice, suspend any future sales activity of such seller until such seller provides such information or certification.
IV. In general, online marketplaces shall:
(a) Verify the information collected under paragraph I not later than 10 days after such collection; and
(b) Verify any changes to such information not later than 10 days after being notified of such change by a high-volume third-party seller under paragraph II.
V. In the case of a high-volume third-party seller that provides a copy of a valid government-issued tax document, any information contained in such document shall be presumed to be verified as of the date of issuance of such record or document.
VI. Data collected solely to comply with the requirements of this chapter may not be used for any other purpose unless required by law.
VII. An online marketplace shall implement and maintain reasonable security procedures and practices, including administrative, physical, and technical safeguards, appropriate to the nature of the data and the purposes for which the data will be used, to protect the data collected to comply with the requirements of this chapter from unauthorized use, disclosure, access, destruction, or modification.
358-T:3 Disclosure of Information by Online Marketplaces to Inform Consumers.
I. An online marketplace shall:
(a) Require any high-volume third-party seller with an aggregate total of $20,000 or more in annual gross revenues on such online marketplace, and that uses such online marketplace’s platform, to provide the information described in paragraph II to the online marketplace; and
(b) Disclose the information described in paragraph II to consumers in a conspicuous manner:
(1) In the order confirmation message or other document or communication made to a consumer after a purchase is finalized; and
(2) In the consumer’s account transaction history.
II. The information described in this paragraph is the following:
(a) Subject to paragraph III, the identity of the high-volume third-party seller, including:
(1) The full name of the seller, which may include the seller name or seller’s company name, or the name by which the seller or company operates on the online marketplace;
(2) The physical address of the seller; and
(3) Contact information for the seller, to allow for the direct, unhindered communication with high-volume third-party sellers by users of the online marketplace, including:
(A) A current working phone number;
(B) A current working email address; or
(C) Other means of direct electronic messaging, which may be provided to the high-volume third-party seller by the online marketplace.
(b) Whether the high-volume third party seller used a different seller to supply the consumer product to the consumer upon purchase, and, upon the request of an authenticated purchaser, the information described in subparagraph (a) relating to any such seller that supplied the consumer product to the purchaser, if such seller is different than the high-volume third party seller listed on the product listing prior to purchase.
III.(a) Subject to subparagraph (b), upon the request of a high-volume third-party seller, an online marketplace may provide for partial disclosure of the identity information required under subparagraph II(a) in the following situations:
(1) If the high-volume third-party seller certifies to the online marketplace that the seller does not have a business address and only has a residential street address, or has a combined business and residential address, the online marketplace may:
(A) Disclose only the country and, if applicable, the state in which the high-volume third-party seller resides; and
(B) Inform consumers that there is no business address available for the seller and that consumer inquiries should be submitted to the seller by phone, email, or other means of electronic messaging provided to such seller by the online marketplace.
(2) If the high-volume third-party seller certifies to the online marketplace that the seller is a business that has a physical address for product returns, the online marketplace may disclose the seller's physical address for product returns.
(3) If a high-volume third-party seller certifies to the online marketplace that the seller does not have a phone number other than a personal phone number, the online marketplace shall inform consumers that there is no phone number available for the seller and that consumer inquiries should be submitted to the seller's email address or other means of electronic messaging provided to such seller by the online marketplace.
(b) If an online marketplace becomes aware that a high volume third-party seller has made a false representation to the online marketplace in order to justify the provision of a partial disclosure under subparagraph (a) or that a high-volume third-party seller who has requested and received a provision for a partial disclosure under subparagraph (a) has not provided responsive answers within a reasonable timeframe to consumer inquiries submitted to the seller by phone, email, or other means of electronic messaging provided to such seller by the online marketplace, the online marketplace shall, after providing the seller with written or electronic notice and an opportunity to respond not later than 10 days after the issuance of such notice, suspend any future sales activity of such seller unless such seller consents to the disclosure of the identity information required under subparagraph II(a).
III. An online marketplace shall disclose to consumers in a clear and conspicuous manner on the product listing of any high-volume third-party seller, a reporting mechanism that allows for electronic and telephonic reporting of suspicious marketplace activity to the online marketplace.
IV. If a high-volume third-party seller does not comply with the requirements to provide and disclose information under this subsection, the online marketplace shall, after providing the seller with written or electronic notice and an opportunity to provide or disclose such information not later than 10 days after the issuance of such notice, suspend any future sales activity of such seller until the seller complies with such requirements.
358-T:4 Enforcement. Any violation of the provisions of this chapter is an unfair or deceptive act or practice within the meaning of RSA 358-A:2. Any right, remedy, or power given to the attorney general in RSA 358-A may be used to enforce the provisions of this chapter.
358-T:5 Rulemaking. The attorney general may adopt rules under RSA 541-A relative to the collection and verification of information under this chapter, provided that such regulations are limited to what is necessary to collect and verify such information.
358-T:6 Preemption. No political subdivision shall establish, mandate, or otherwise require online marketplaces to verify information from high-volume third-party sellers on a one-time or ongoing basis or disclose information to consumers.
8 Contingency. If the attorney general certifies to the director of the office of legislative services that H.R. 5502 (117th Congress (2021-2022)) or similar federal legislation requiring online marketplaces to verify and disclose certain information has become law prior to January 1, 2023, section 7 of this act shall not take effect. If H.R. 5502 or similar federal legislation requiring online marketplaces to verify and disclose certain information does not become law, section 7 of this act shall take effect January 1, 2023.
I. Sections 3-5 of this act shall take effect July 1, 2022.
II. Section 7 of this act shall take effect as provided in section 8 of this act.
III. Section 8 of this act shall take effect upon its passage.
IV. The remainder of this act shall take effect 60 days after its passage.
22-2019
Amended 4/26/22
HB 1662-FN- FISCAL NOTE
AS AMENDED BY THE HOUSE (AMENDMENT #2022-1134h)
AN ACT related to privacy obligations of the department of health and human services.
FISCAL IMPACT: [ X ] State [ ] County [ ] Local [ ] None
| Estimated Increase / (Decrease) | |||
STATE: | FY 2022 | FY 2023 | FY 2024 | FY 2025 |
Appropriation | $0 | $137,480 | $0 | $0 |
Revenue | $0 | $0 | $0 | $0 |
Expenditures | $0 | $137,000 general funds; $91,000 federal funds | $139,000 general funds; $91,000 federal funds | $146,000 general funds; $96,000 federal funds |
Funding Source: | [ X ] General [ ] Education [ ] Highway [ X ] Other - Federal Funds | |||
METHODOLOGY:
This bill establishes a Data Privacy and Information Technology Governance Board within the Department of Health and Human Services to oversee data privacy risk calculation and risk mitigation efforts. The bill establishes two full-time classified positions (Business Systems Analyst II, Labor Grade 30) for the purposes of implementing mitigation efforts and other necessary updates. The Department anticipates that in total, these positions will cost $228,000 ($137,000 general funds / $91,000 federal funds) in FY23, $230,000 ($139,000 general funds / $91,000 federal funds) in FY24, and $242,000 ($146,000 general funds, $96,000 federal funds) in FY25. The bill contains a general fund appropriation of $137,480 in FY23, which is expected to be the exact cost of salary and benefits in that fiscal year.
AGENCIES CONTACTED:
Department of Health and Human Services
