Rhode Island

Subscribe to Rhode Island via RSS

On January 1, 2026, broad new privacy laws will take effect in Kentucky, Indiana, and Rhode Island, granting consumers in those states greater control over their personal data. With these additions, 19 states now have comprehensive privacy laws in place, which is a significant shift in the data privacy landscape since California led the way in 2018 with the

On December 17, 2025, a bipartisan group of 23 Attorneys General from the states of Arizona, California, Colorado, Connecticut, Delaware, Hawai’i, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, New Mexico, North Carolina, Oregon, Rhode Island, Tennessee, Utah, Vermont, Washington, Wisconsin, and the  District of Columbia, sent a comment letter to the Federal Communications Commission

Reproductive health privacy is once again in the legal spotlight with a recent federal district court decision that struck down nearly all of a recent rule under the Health Insurance Portability and Accountability Act (HIPAA) that protected reproductive healthcare-related information privacy.

In a ruling issued on June 18, 2025, in Purl v. Department of Health

This week, I received a fake text message (a smish) saying my E-ZPass account was overdue and that I urgently needed to pay it. That’s a new one and, apparently, quite effective. Luckily, I knew it was a scam, but others were victimized.

According to the website Krebs on Security, security researchers “say the

Some writers (not from my great state of Rhode Island) act like Rhode Island has been behind the times when it comes to data privacy and security when discussing the state’s new privacy law. I feel a need to explain that this is just not so. Rhode Island is not a laggard when it comes to data privacy.

Rhode Island has had a data privacy law on its books for a long time, though it was not called a privacy law. It was the Rhode Island Identity Theft Protection Act, which was enacted in 2015. It was designed to protect consumers’ privacy and provide data breach notification. It was amended to include data security requirements in the footsteps of the then-novel Massachusetts data security regulations. It was a one-stop shop for data privacy, security, and breach notification. Still, it did not provide individuals the right to access or delete data and was not as robust as new data privacy laws. Rhode Island was an early state to include health information in its definition of personal information that requires breach notification in the event of unauthorized access, use, or disclosure of health information. Many states still do not include health information in the definition of breach notification.

But just so the record is clear, consumer protection has been in the DNA of Rhode Island’s laws for many years, and the new privacy law was an expansion of previous efforts to protect consumers.

The new privacy law in Rhode Island expands the privacy protections for consumers and is the latest in a wave of privacy laws being enacted in the United States. As of this writing, 19 states have new privacy laws, and Rhode Island makes it 20.

All of the privacy laws are fairly similar, except for California, which is the only state to date that provides for a private right of action in the event of a data breach (with requirements prior to the filing of a lawsuit).

That said, for those readers who will fall under the Rhode Island law and are in my home state, here are the details of the law (the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)) of which you should be aware:

Continue Reading Rhode Island’s New Data Privacy Law

The Rhode Island General Assembly amended the state’s data breach law, known as the Rhode Island Identity Theft Protection Act (Act) that makes significant changes to notification requirements for state and municipal agencies in the event of a data breach.

The Act requires state agencies and municipalities to notify the State Police of an incident

Massachusetts Governor Charlie Baker and Rhode Island Governor Dan McKee recently announced that they are considering implementing vaccine passport programs in their respective states. Baker stated that he is working with other states to use a QR code system that allows users to scan to verify vaccination status. In Rhode Island, the Department of Health

Two more state governors, those of Maine and North Dakota, have signed bills into law that adopt the National Association of Insurance Commissioners (NAIC) data security model law (Model Law). Maine and North Dakota join several other states that have already passed similar laws. Hawaii, Idaho, Illinois, Iowa, Minnesota, Rhode Island, and Wisconsin have similar