Prepare Now for Sweeping Changes to Rhode Island's Identity Protection Law

On June 26, 2015, Rhode Island Governor Gina Raimondo signed the "Rhode Island Identity Theft Protection Act of 2015" ("Act"), substantially reworking Rhode Island's 2005 data breach and identity protection laws. Although it does not formally take effect until June of 2016, it is important for businesses to be aware of the Act's key provisions and to take proactive measures to ensure timely compliance.

The Act generally applies to any business, person, entity, or municipality that collects and stores "personal information," such as a person's first name (or initial) and last name in connection with the following types of additional data:

  • Social security number;
  • Driver's license number, Rhode Island identification card number, or tribal identification number;
  • Account number, credit or debit card number, in combination with any required security code, access code, password, or personal identification number (e.g., a "PIN") permitting access to an individual's financial account;
  • Medical or health insurance information; or
  • E-mail address with any required security code, access code, or password permitting access to an individual's personal, medical, insurance or financial accounts.

Persons or companies subject to the Act must implement and maintain a risk-based information security program that contains reasonable security procedures and practices in light of the size and scope of the organization, the type of information stored, and the reasons why the information was stored and collected. This program must ensure that the information stored is kept confidential and protected from unauthorized access, use, modification, destruction, or disclosure.

The Act also imposes strict obligations for swift action in the event of data breaches that pose a "significant risk of identity theft" to any Rhode Island resident whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person or entity. Although these notifications must occur as soon as possible, the Act sets an outside limit of 45 calendar days for the entity to make this notification. The Act also sets forth the particular requirements for the notification, and if there are more than 500 Rhode Islanders to be notified of a breach, the Act requires immediate disclosure of the breach to the Rhode Island Attorney General and the major credit reporting agencies.

Entities that recklessly violate the Act can face severe penalties, including civil fines of up to $100 per breached record. Any knowing or willful violations of the Act carry a $200 penalty per breached record. Further, if the Attorney General's office has reason to believe that a person or entity has violated the Act, prosecutors are authorized to file legal proceedings against suspected violators.

In summary, the Act provides sweeping changes to Rhode Island law. It's reasonably likely that many previously implemented data protection policies and procedures will not be compliant with the new Act, and affected individuals, businesses and municipalities are well-advised to revisit old policies to ensure compliance by 2016.

For more information or assistance with your company's policy, please contact PLDO Partner Brian Lamoureux at 401-824-5100 or email bjl@pldolaw.com.
