Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 45 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws from $100 to $200 per record

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Breach reporting to the Attorney General and the major credit reporting agencies is required if more than 500 Rhode Island residents are to be notified of a breach.
  • Specific consumer notification details are required.
  • In addition to penalties of up to $200 per record for violations involving breach notification and reporting, the Attorney General may bring an action in the name of the state, against the business or person in violation.
  • Violations of the Safe Destruction of Documents Containing Personal Information law could have civil penalties of $500 per violation, up to $50,000.
  • Data owners and contracted vendors are required to implement and maintain reasonable security procedures and practices to protect personal information.
  • Employers should permit an employee to inspect personnel files.
  • If vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • RI Gen L §§ 11-49.3-1 – 11-49.3-6  Identity Theft Protection Act (2016)

    RI Gen L § 6-52-2  Safe Destruction of Documents Containing Personal Information (2012)

    RI Gen L § 28-6.4-1  Inspection of Personnel Files (2012)

BAck to map