Loading chat...
RI S2638
Bill
Status
2/27/2026
Primary Sponsor
Victoria Gu
Click for details
AI Summary
-
Replaces "personal information" with "personally identifiable information" (PII), expanding the definition to include biometric data and internet data that can distinguish or trace an individual's identity
-
Requires municipal agencies, state agencies, and persons handling Rhode Island residents' PII to implement risk-based security programs meeting industry-recognized cybersecurity framework best practices
-
Mandates breach notifications within 30 calendar days for government agencies and 45 calendar days for private entities, with required notification to the Division of Enterprise Technology Strategy and Services (ETSS) in addition to the attorney general
-
Requires state and municipal agencies to report cybersecurity incidents to Rhode Island State Police within 24 hours, who must then notify ETSS within 24 hours or the next business day
-
Effective date: July 1, 2026
Legislative Description
Amends the Identity Theft Protection Act by eliminating current definitions and establishing new definitions. This act also raises the penalty provisions for violations.
Criminal Offenses
Last Action
Introduced, referred to Senate Artificial Intelligence & Emerging Technol
2/27/2026