STATE STATUTES & CODES
- Alabama
- Alaska
- Arizona
- Arkansas
- California
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia
- Hawaii
- Idaho
- Illinois
- Indiana
- Iowa
- Kansas
- Kentucky
- Louisiana
- Maine
- Maryland
- Massachusetts
- Michigan
- Minnesota
- Mississippi
- Missouri
- Montana
- Nebraska
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- North Carolina
- North Dakota
- Ohio
- Oklahoma
- Oregon
- Pennsylvania
- Rhode Island
- South Carolina
- South Dakota
- Tennessee
- Texas
- Utah
- Vermont
- Virginia
- Washington
- West Virginia
- Wisconsin
- Wyoming
RHODE ISLAND STATUTES AND CODES
§ 11-49.2-3 - Notification of breach.
SECTION 11-49.2-3
§ 11-49.2-3 Notification of breach. –(a) Any state agency or person that owns, maintains or licenses computerizeddata that includes personal information, shall disclose any breach of thesecurity of the system which poses a significant risk of identity theftfollowing discovery or notification of the breach in the security of the datato any resident of Rhode Island whose unencrypted personal information was, oris reasonably believed to have been, acquired by an unauthorized person or aperson without authority, to acquire said information. The disclosure shall bemade in the most expedient time possible and without unreasonable delay,consistent with the legitimate needs of law enforcement, as provided insubdivision (c), or any measures necessary to determine the scope of the breachand restore the reasonable integrity of the data system.
(b) Any state agency or person that maintains computerizedunencripted data that includes personal information that the state agency orperson does not own shall notify the owner or licensee of the information ofany breach of the security of the data which poses a significant risk ofidentity theft immediately, following discovery, if the personal informationwas, or is reasonably believed to have been, acquired by an unauthorized person.
(c) The notification required by this section may be delayedif a law enforcement agency determines that the notification will impede acriminal investigation. The notification required by this section shall be madeafter the law enforcement agency determines that it will not compromise theinvestigation.
(d) The notification must be prompt and reasonable followingthe determination of the breach unless otherwise provided in this section. Anystate agency or person required to make notification under this section and whofails to do so promptly following the determination of a breach or receipt ofnotice from law enforcement as provided for is subsection (c) is liable for afine as set forth in § 11-49.2-6.