Can I disclose personal information for a business purpose without complying with CCPA in Rhode Island? What are the requirements?

Based on the Rhode Island Data Transparency and Privacy Protection Act, you cannot disclose personal information for a business purpose without complying with the act. The act provides data privacy protections for the personal identifiable information of Rhode Islanders, and it requires businesses to inform customers about what kinds of personally identifiable information is shared with other businesses. Customers must be able to knowledgeably choose to opt-in, opt-out, or choose among businesses that disclose personally identifiable information to third parties on the basis of how protective the business is of customers’ privacy. The act also defines “disclose” as selling, releasing, transferring, sharing, disseminating, making available, or otherwise communicating orally, in writing, or by electronic means or any other means to any individual or third party in exchange for anything of value. However, there are some exceptions to the definition of “disclose,” such as disclosure to an affiliate, disclosure of personally identifiable information by any entity to a third party under a written contract authorizing the third party to utilize the personally identifiable information to perform services on behalf of such entity, and disclosure of personally identifiable information by a business to a third party based on a good-faith belief that disclosure is required to comply with applicable law, regulation, legal process, or court order. ^[1]

Source(s):

• [1] AN ACT RELATING TO COMMERCIAL LAW – GENERAL REGULATORY PROVISIONS – RHODE ISLAND DATA TRANSPARENCY AND PRIVACY PROTECTION ACT (Provides data privacy protections for the personal identifiable information of Rhode Islanders.)

Jurisdiction

Rhode Island

• Privacy