Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)
The Data Transparency and Privacy Protection Act mainly targets for-profit businesses operating in Rhode Island or those offering products or services to Rhode Island residents.
Is Complying with RIDTPPA Mandatory?
It applies to companies that, in the previous calendar year:
Controlled or processed personal data of at least 35,000 customers, excluding data processed solely for payment transactions.
Controlled or processed personal data of at least 10,000 customers and derived over 20% of their gross revenue from selling personal data.
What are the penalties for not complying with RIDTPPA?
Penalties for violating the RIDTPPA can be significant. They constitute a violation of the state’s consumer protection law, which imposes a $10,000 penalty per violation on the business. In addition, if a violator is found to have intentionally disclosed personal information in violation of the RIDTPPA, the state Attorney General can fine the organization between $100 and $500 per violation.