Can I collect personal information from my customers in California in Rhode Island? What are the requirements?

Collecting Personal Information of California Customers in Rhode Island

If you are collecting personal information of California customers in Rhode Island, you must comply with the California Consumer Privacy Act (CCPA) and the Rhode Island Identity Theft Protection Act (RITPA).

Under CCPA, businesses that collect personal information of California residents must provide them with certain notices, including a notice at or before the point of collection that describes the categories of personal information to be collected and the purposes for which the categories of personal information shall be used ^[2.1].

Under RITPA, a municipal agency, state agency, or person who or that stores, collects, processes, maintains, acquires, uses, owns, or licenses personal information about a Rhode Island resident shall implement and maintain a risk-based information security program that contains reasonable security procedures and practices appropriate to the size and scope of the organization; the nature of the information; and the purpose for which the information was collected in order to protect the personal information from unauthorized access, use, modification, destruction, or disclosure and to preserve the confidentiality, integrity, and availability of such information ^[1.1].

Therefore, if you are collecting personal information of California customers in Rhode Island, you must provide them with a notice at or before the point of collection that describes the categories of personal information to be collected and the purposes for which the categories of personal information shall be used, and implement and maintain a risk-based information security program that contains reasonable security procedures and practices appropriate to the size and scope of the organization; the nature of the information; and the purpose for which the information was collected in order to protect the personal information from unauthorized access, use, modification, destruction, or disclosure and to preserve the confidentiality, integrity, and availability of such information.

^[1.1]: Rhode Island Identity Theft Protection Act (RITPA) ^[2.1]: California Consumer Privacy Act (CCPA)

Source(s):

• [1.1] Risk-based information security program.
• [2.1] Registration applications and requirements.

Jurisdiction

California, Rhode Island

• Privacy