{"id":5093,"date":"2024-07-12T12:02:00","date_gmt":"2024-07-12T18:02:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&p=5093"},"modified":"2024-09-26T12:30:47","modified_gmt":"2024-09-26T18:30:47","slug":"rhode-island-data-transparency-and-privacy-protection-act","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/rhode-island-data-transparency-and-privacy-protection-act\/","title":{"rendered":"Unveiling the Rhode Island Data Transparency and Privacy Protection Act"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tarticle<\/strong>\n\t\t\t\t\t\t\t\t\t\t

Unveiling the Rhode Island Data Transparency and Privacy Protection Act<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\"\"\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\tGurleen Tak<\/strong>\n\t\t\t\t\t\t\t\t\t\t\t\tPrivacy Knowledge Researcher<\/span>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/a>\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Why data privacy matters more than ever<\/h2>\n

In an era where data breaches and privacy concerns dominate the headlines, protecting customer information has never been more critical. Enter the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)<\/a>, set to take effect January 1, 2026.<\/p>\n

Delve into the RIDTPPA’s key aspects, explaining why it matters, what it means for your business, and how you can turn compliance into a competitive advantage.<\/p>\n

What the Rhode Island Data Privacy Act means for your business<\/h2>\n

Understanding the scope and applicability of the RIDTPPA<\/h3>\n

The RIDTPPA applies to for-profit entities that conduct business in Rhode Island or offer products or services to state residents. Specifically, it targets businesses that control or process personal data of at least 35,000 customers (excluding payment transaction data) or 10,000 customers if over 20% of their gross revenue comes from selling personal data.<\/p>\n

If your business falls into these categories, it’s time to start preparing for compliance.<\/p>\n

Additionally, the RIDTPPA applies to commercial websites or Internet service providers that collect, store, and sell customers’ personally identifiable information (PII). These entities must designate a data controller and identify all categories of personal data collected and third parties to whom the PII has been or may be sold. Compliance with these requirements ensures transparency and protects consumer privacy.<\/p>\n

Exemptions and special cases<\/h3>\n

The RIDTPPA exempts specific types of information, such as protected health information under HIPAA,<\/a> data regulated by the Fair Credit Reporting Act, and employment-related data used solely for benefits administration.<\/p>\n

The exemptions structure is unique to Rhode Island which are divided into two primary categories:<\/strong><\/p>\n

    \n
  1. Commercial Websites and Internet Service Providers (ISPs) that collect, store, and sell customers\u2019 PII hav obligations, such as designating a data controller; identifying collected personal data categories; disclosing third-party data sales; and providing an active email or online contact for customers. Exemptions from these obligations include higher education institutions, nonprofit organizations, National Security Agency (NSA), government bodies, financial institutions, and covered entities.<\/li>\n
  2. For-profit businesses that meet specific thresholds must comply with obligations, including conducting a DPIA, documenting data protection policies, and ensuring transparency in data processing and consumer rights. Exemptions from these broader obligations, include financial institutions and government contractors or agents in their government roles.<\/li>\n<\/ol>\n

    Key provisions of the RIDTPPA: A closer look<\/h2>\n

    Empowering consumers: A new era of data rights<\/h3>\n

    The RIDTPPA grants Rhode Island residents several rights regarding their personal data. These include the right to:<\/p>\n