New Hampshire House Bill 1680 would apply to any business that (1) has annual gross revenues of more than $25 million, (2) alone or in combination, annually buys, receives for the
business’s commercial purposes sells, or shares for commercial purposes, the personal information of 50,000+ state residents, households, or devices, or (3) derives more than 50 percent of their annual revenue from the sale of personal
data. Personal data subject to HIPAA and certain other laws are exempted, but data subject to FERPA are not currently included in those exemptions. If approved, New Hampshire House Bill 1680 would go into effect January 1, 2021.