Amends the Identity Theft Protection Act by eliminating current definitions and establishing new definitions. This act also raises the penalty provisions for violations.
Impact
One significant aspect of H6346 is its requirement for municipal and state agencies to establish and maintain a risk-based information security program. This program must align with current best practices of an approved cybersecurity framework and define reasonable security procedures to protect personal data. Moreover, the bill mandates timely notification to affected individuals in the event of a data breach, reinforcing the accountability of agencies responsible for handling personal information.
Summary
House Bill H6346 aims to amend the Identity Theft Protection Act of 2015 by redefining key terms and increasing penalties for violations. Notably, the bill eliminates outdated definitions such as 'classified data' and 'personal information', replacing them with a clarified term 'personally identifiable information'. This amendment seeks to strengthen protection measures regarding personal data in light of evolving cybersecurity threats, thereby enhancing the overall framework of identity theft protections in Rhode Island.
Contention
While the overall intent of the bill appears beneficial in improving data security, there may be contention surrounding the effectiveness and feasibility of the notification requirements. Critics could argue that the strict timelines for notifications could impose additional burdens on entities that could already be struggling to manage cybersecurity incidents. The bill also increases penalties for violations, which some may view as excessively punitive, especially for smaller agencies or businesses.
Amends the statutory provisions regarding domestic and foreign insurers and insurer examinations to provide provisions with regard to cybersecurity events involving Rhode Island consumers.
Amends the statutory provisions regarding domestic and foreign insurers and insurer examinations to provide provisions with regard to cybersecurity events involving Rhode Island consumers.
Amends outdated provisions of the banking statutes and the home loan protection act, adds consumer protections, including minimum capital requirements and limits on investments, for currency transmitters, including crypto currency.
Amends outdated provisions of the banking statutes and the home loan protection act, adds consumer protections, including minimum capital requirements and limits on investments, for currency transmitters, including crypto currency.
Amends several provisions relative the powers and duties of the PUC and requires the submission by utilities of integrated distribution system plans identifying solutions to reduce greenhouse gases.
Amends the Identity Theft Protection Act by eliminating current definitions and establishing new definitions. This act also raises the penalty provisions for violations.
Requires businesses in financial essential infrastructure, and health care industries to develop cybersecurity plans and report cybersecurity incidents.
Implementing additional reporting requirements for information technology projects and state agencies, requiring additional information technology security training and status reports, requiring reporting of significant cybersecurity audits and changing the membership requirements, terms of members and the quorum requirements for the information technology executive council.