I. Relying parties shall only retain electronic credential data elements for which the relying party explicitly obtained consent from the electronic credential holder. Relying parties shall inform the electronic credential holder of the use and retention period of the electronic data elements and comply with RSA 507-H.
II. The electronic credential system shall be designed to maximize the privacy of the credential holder and comply with RSA 507-H, as well as any other applicable state and federal laws, and shall not track or compile information without the credential holder's actual consent. The division shall only compile and/or disclose information regarding use of the credential as required by RSA 507-H and other applicable state or federal laws.