Can you summarize RIGL 11-49.3-6?

Short Summary

This section of the State of Rhode Island General Laws, specifically the Identity Theft Protection Act of 2015, governs the security breach notification requirements for municipal agencies, state agencies, and persons. It states that these entities can be deemed in compliance with the notification requirements if they maintain their own security breach procedures as part of an information security policy and notify affected individuals in the event of a breach. Alternatively, compliance can be achieved by following the rules, regulations, procedures, or guidelines established by the primary or functional regulator. The section also mentions that financial institutions, trust companies, credit unions, and their affiliates that comply with the Federal Interagency Guidelines on Response Programs for Unauthorized Access to Customer Information and Customer Notice are considered in compliance. Similarly, healthcare providers, healthcare service plans, health insurers, and covered entities governed by the medical privacy and security rules issued by the federal Department of Health and Human Services are deemed in compliance. The section does not specify any penalties for non-compliance or violations.

Whom does it apply to?

Municipal agencies, state agencies, persons, financial institutions, trust companies, credit unions, healthcare providers, healthcare service plans, health insurers, covered entities governed by HIPAA

What does it govern?

Security breach notification requirements

What are exemptions?

No exemptions are mentioned.

What are the Penalties?

Not specified.

Jurisdiction

Rhode Island

Source

RIGL 11-49.3-6 [https://reggi.cloud.regology.com/regulations/US-RIGL/US-RIGL_T_11_C_49.3_S_6]

• Banking