Rhode Island Data Privacy Laws

There is no right to privacy contained in the Constitution of the State of Rhode Island. The Health Care Communication and Information Information Confidentiality Act also prohibits managed care facilities and managed care contractors who write policies in the state from providing participant information that is personal in nature and could reasonably lead to the identification of an individual and that is not essential to the compilation of participant statistical data. to any international, national, regional or local medical information database (R.I. Gen. Statutes §5-37.3-4). With respect to law enforcement, the provisions of R.I. Gen. Statutes § 11-49.2-1 enforceable by the Attorney General of Rhode Island. Subsequently, Rhode Island`s attorney general has the power to impose fines on individuals, businesses, and state organizations that violate the law. These penalties include a fine of up to $100 to $200 for each personal record compromised as a result of a data breach, depending on whether the breach was intentional or not.

In addition, R.I. Gen. Section 11-49.2-1 of the statutes also gives the Attorney General of Rhode Island the power “to bring an action on behalf of the State against the corporation or person that harms the corporation or person.” System breach: unauthorized access to or acquisition of unencrypted computerized data information that compromises the security, confidentiality, or integrity of personal data managed by the municipal authority, state authority, or individual. The collection of personal data in good faith by an employee or representative of the Agency for the purposes of the Agency shall not constitute a breach of the security of the system, provided that the personal data are not used or are otherwise subject to other unauthorised disclosure. The director may communicate to the commissioner of the jury the names and addresses of all recipients of unemployment benefit. The Director may share unemployment insurance recipient data with the ministry`s designated research partners for the purposes of its workforce data quality and workforce innovation fund initiatives. The Director may provide information to the Department of Correctional Services for the purposes of case management and post-release follow-up, and the Director may share information with the Rhode Island Staff Retirement System and the Office of the Treasurer General to ensure compliance with applicable laws. Linn Freedman`s practice focuses on privacy and security, cybersecurity, and complex litigation.

She provides privacy and cybersecurity compliance advice to a wide range of public and private clients across all industries, including construction, education, healthcare, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and not-for-profit. Linn is a member of Robinson+Cole`s Commercial Litigation Group and leads the Data Privacy + Cybersecurity team. She is also a member of the Financial Services Cyber Compliance Team (CyFi Team). Rhode Island laws also protect a person`s HIV test results and prohibit the disclosure of HIV tests without that person`s prior written consent. There are some exceptions, including the fact that a laboratory or accredited health care facility may report test results, a health care provider may record HIV test results in a patient`s medical record, and other notifications may be permitted by law (§ 23-6.3-7 of 23 R.I. Gen. Statutes Chapter 6.3). The Health Communications and Information Privacy Act provides a private right of action in the event of a breach.

In a case involving the Health Care Communications and Information Confidentiality Act, a pharmacy was charged with violating its provisions by disclosing the applicant`s confidential medical records to her then-spouse`s lawyer in a divorce case that was contested without the plaintiff`s knowledge or consent. The Supreme Court ruled that the pharmacy violated the Health Care Communications and Information Privacy Act by handing over its customers` records to an unauthorized third party under a subpoena. The Supreme Court found that the pharmacy violated the plaintiff`s rights to confidentiality and privacy and was also liable for the plaintiff`s attorney`s fees (Washburn v. Rite Aid Corp., 695 A.2d 495 (IR 1997)). Encrypted: The transformation of data using an algorithmic process of 128 bits or more into a form where there is a low probability of assigning meaning without using a confidential process or key. Data is not considered encrypted if it is purchased in combination with a key, security code or password that would allow access to the encrypted data. Summary: There is currently no comprehensive privacy law in Rhode Island. However, the right to privacy is expressly created by Rhode Island law, which also provides for a specific right to violate that right under section 9-1-28.1 of the general laws of the State of Rhode Island. In addition, under the Rhode Island Identity Theft Protection Act of 2015, under sections 11-49.3 et seq.

The general laws of the State of Rhode Island require any person who stores, possesses, collects, processes, maintains, acquires, uses, or licenses data containing personal data to report personal data breaches with unauthorized access to unencrypted computerized records to affected consumers and the AG and consumer reporting units if more than 500 consumers are affected by the breach. The Customer has the right to sanction violations of the law and to impose penalties. While any company that constantly collects and processes personal data will at some point face a data breach scenario, there are steps that can be taken to ensure that personal data remains secure in the event of such attacks. For example, companies may use self-authoring software to protect the personal information they use in the course of their respective activities. Because this software effectively renders personal information unreadable or unusable, a company that has blackened out certain forms of personal information is still protected if that information is compromised in a data breach.

This entry was posted in Uncategorized. Bookmark the permalink.