Can you summarize RIGL 11-49.3-4?

Short Summary

The Identity Theft Protection Act of 2015, under the State of Rhode Island General Laws, requires municipal agencies, state agencies, and persons that handle personal information to provide notification of any disclosure of personal information or breach of security that poses a significant risk of identity theft to Rhode Island residents. The notification must be made within 45 calendar days after confirmation of the breach and the ability to ascertain the required information. If more than 500 residents are affected, the attorney general and major credit reporting agencies must be notified. Notification may be delayed if it would impede a criminal investigation. Failure to provide notification may result in liability. The notification to individuals must include a description of the incident, the type of information subject to the breach, dates of the breach, remediation services offered, and information on filing a police report and requesting a security freeze.

Whom does it apply to?

Municipal agencies, state agencies, and persons that store, own, collect, process, maintain, acquire, use, or license data that includes personal information

What does it govern?

Notification of breach

What are exemptions?

Notification may be delayed if a federal, state, or local law enforcement agency determines that the notification will impede a criminal investigation.

What are the Penalties?

Liability for a violation as set forth in 11-49.3-5

Jurisdiction

Rhode Island

Source

RIGL 11-49.3-4 [https://reggi.cloud.regology.com/regulations/US-RIGL/US-RIGL_T_11_C_49.3_S_4]

• Banking