Amends the Identity Theft Protection Act by eliminating current definitions and establishing new definitions. This act also raises the penalty provisions for violations.
Impact
The proposed changes will significantly impact the obligations of municipal and state agencies, as well as private entities handling personal information. The act requires that these organizations implement a risk-based information security program to safeguard personal data. Additionally, any agency or entity that suffers a data breach will now have stricter timelines for notification to the affected individuals and regulatory bodies to mitigate risks associated with identity theft. The bill ensures that effective protective measures must be taken to prevent unauthorized access, use, or disclosure of sensitive information.
Summary
Senate Bill S1037, known as the amended Identity Theft Protection Act of 2015, aims to strengthen the protections against identity theft for Rhode Island residents by updating key definitions and enhancing penalties for violations. The bill eliminates outdated definitions and introduces a more precise categorization of what constitutes 'personally identifiable information.' This ensures better clarity and alignment with current technological standards, which is critical in an era of increasing data breaches and cyber threats.
Sentiment
General sentiment around S1037 appears to be positive, with a strong consensus among legislative members on the need for updated cybersecurity measures. Supporters argue that the legislation addresses the growing concern of identity theft and promotes responsible data management practices among organizations. However, there are underlying concerns regarding the balancing act of ensuring personal data protection while not placing undue burdens on small businesses and local agencies that may struggle to meet extensive cybersecurity requirements.
Contention
Notably, one of the primary points of contention stems from the bill's increased penalties for violations related to breaches of personal information. Critics argue that the penalties may be overly punitive and could deter organizations from adequately addressing cybersecurity measures due to fear of financial repercussions. There are ongoing discussions about crafting provisions that protect individuals' data without compromising the operational capacities of agencies and entities that handle such information, balancing the need for robust security with feasible compliance.
Amends the statutory provisions regarding domestic and foreign insurers and insurer examinations to provide provisions with regard to cybersecurity events involving Rhode Island consumers.
Amends the statutory provisions regarding domestic and foreign insurers and insurer examinations to provide provisions with regard to cybersecurity events involving Rhode Island consumers.
Amends several provisions relative the powers and duties of the PUC and requires the submission by utilities of integrated distribution system plans identifying solutions to reduce greenhouse gases.
Amends outdated provisions of the banking statutes and the home loan protection act, adds consumer protections, including minimum capital requirements and limits on investments, for currency transmitters, including crypto currency.
Amends the Identity Theft Protection Act by eliminating current definitions and establishing new definitions. This act also raises the penalty provisions for violations.
Requires businesses in financial essential infrastructure, and health care industries to develop cybersecurity plans and report cybersecurity incidents.