The Rhode Island Legislature enacted the Data Transparency and Privacy Protection Act (RI-DTPPA) on July 1, 2024, set to take effect on January 1, 2026. This comprehensive data privacy law responds to increasing concerns about digital privacy and security. It introduces new obligations for businesses to enhance transparency in data collection and provide consumers with greater control over their personal information.
The RI-DTPPA mandates that businesses clearly disclose their data collection practices, obtain explicit consent before collecting or sharing sensitive personal data, and implement stringent data security measures. It also requires businesses to allow consumers to access, correct, and delete their data and to notify them promptly in case of a data breach. The law targets a wide range of businesses, including those collecting or processing personal data from Rhode Island residents, regardless of their location.
Companies that either control or process personal data of at least 35,000 customers or derive over 20% of their revenue from data sales are specifically impacted. Non-compliance with the RI-DTPPA can result in substantial fines, legal actions, and reputational damage. The law’s broad scope means it affects many businesses, including small and large entities, online providers, and brick-and-mortar establishments.
The RI-DTPPA aligns Rhode Island with other states that have enacted data protection laws but introduces specific requirements and risks unique to the state. Businesses operating in or interacting with Rhode Island residents must navigate these new regulations carefully to avoid potential legal and financial consequences while contributing to stronger consumer privacy protections.