RHODE ISLAND
FINES & PENALTIES
Violations
Up to $200 per record
BREACH NOTIFICATION
Mandated Timeframe
Within 45 days
BREACH REPORTING
Breach reporting to the Attorney General and the major credit reporting agencies is required if more than 500 Rhode Island residents are to be notified of a breach. Specific notification details are required.
CONSUMER NOTIFICATION
If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside
FINES & PENALTIES
In addition to penalties of up to $200 per record for violations involving breach notification and reporting, the Attorney General may bring an action in the name of the state, against the business or person in violation. Violations of the Safe Destruction of Documents Containing Personal Information law could have civil penalties of $500 per violation, up to $50,000.
PRIVACY PROGRAM
Organizations must contract with Vendors to whom the Organization discloses personal information. Organizations and Vendors are required to have in place security procedures and practices to protect personal information. Organizations and Vendors in the business of destroying records must have measures in place for the destruction of records containing personal information so the records are unreadable or undecipherable. Vendors must ensure the protection of personal information during disposal.
VENDOR/3RD PARTIES
If a Vendor is breached, they should notify the Organization. The Organization will be responsible to complete the reporting and consumer notification.