‘Identity Theft Protection’ Legislation Signed into Law

Sen. Louis P. DiPalma’s and Rep. Stephen R. Ucci’s ‘Identity Theft Protection Act of 2015’ legislation was signed into Rhode Island law this morning by Governor Gina M. Raimondo during a ceremonial bill signing at the State House.

“We live in a world where so much, if not all, of our personal information floats around in cyberspace, often with completely inadequate protections.  This is the reality of our times,” said Senator DiPalma (D-Dist. 12, Middletown, Newport, Little Compton, Tiverton).  “The intent of this legislation is to set standards and to protect that vital information from those who wish to do harm or profit from the most personal details of our lives.”

The legislation (2015-S 0134 and 2015-H 5220) was crafted after working alongside a coalition of law enforcement, legal, technological, communication and finance industry professionals, academics and others for months to form a bill that would better protect citizens from identity theft and govern the steps that businesses and other entities must take to prevent the theft of personal information from their systems.

Under the Identity Theft Protection Act of 2015, anyone who stores, collects, processes, maintains, acquires, uses, licenses or owns personal information about a Rhode Island resident will be required to implement reasonable security procedures and practices appropriate to the nature of the information and to protect personal information from unauthorized access, use, modification, destruction or disclosure of that personal information. It requires swift notification whenever there is a breach in the security system protecting personal information that poses a risk of identity theft to any Rhode Islander.

“These days, with a few keystrokes, a person’s life can change dramatically for the worse overnight. Hopefully though, this legislation can help many Rhode Islanders avoid this troubling scenario,” said Rep. Ucci (D-Dist. 42, Johnston, Cranston).  “I believe that the standards, definitions and procedures set forth in this legislation will provide the adequate data protections needed for this ever changing digital world.  And, if there is a breach in data security, this legislation clearly states the actions that need to take place in order to rectify the problem as quickly and painlessly as possible.  We will probably have to update this legislation again in the future, but, for now, I believe this bill will provide Rhode Islanders with the best chance of keeping their personal information private, secure and away from those with malicious intentions.”

The legislation also addresses ambiguities in the existing law, for instance clarifying that municipal agencies are subject to its provisions. It also specifies that those whose information was subject to the breach be notified no later than 45 calendar days after its discovery, instead of “in the most expedient time possible,” as the current law states, and includes information about what must be included in that notice. It also requires that the entity notify the attorney general and major credit reporting agencies immediately, and must cooperate with all federal, state or municipal law enforcement agencies investigating the breach.  It adds medical information, health insurance information and email addresses when acquired with their passwords or other access codes into the current definition of the “personal information” protected by the act.

Co-sponsors of the legislation included, Senate Judiciary Committee Chairman Michael J. McCaffrey (D-Dist. 29, Warwick), Senate Minority Leader Dennis L. Algiere (R-Dist. 38,Westerly, Charlestown, South Kingstown), Sen. Cynthia A. Coyne (D-Dist. 32, Barrington,Bristol, East Providence), Sen. Frank S. Lombardi (D-Dist. 26, Cranston), Rep. Aaron Regunberg (D-Dist. 4, Providence), Rep. Thomas Winfield (D-Dist. 53, Smithfield, Glocester), Rep. Arthur J. Corvese (D-Dist. 55, North Providence) and Rep. Robert A. Nardolillo III (R-Dist. 28, Coventry).