By Colin A. Coleman, John E. Ottaviani, or Brian Reilly
On March 29, 2019, a bill was submitted to the Rhode Island General Assembly entitled “Consumer Privacy Protection Act – 2019 H 5930” (the Proposed Act). If enacted, the Proposed Act would place more stringent requirements on the collection and retention of consumers’ personal information by a “business.”
The Proposed Act applies to all businesses, wherever located, that collect consumers’ personal information from Rhode Island residents. The Proposed Act requires such businesses to inform consumers of the categories of information to be collected and the purpose for which the information will be used prior to collecting such information.
Businesses that collect personal information would also be required, upon a consumer’s request, to disclose to the consumer certain specific personal information that the business has collected. And, subject to certain exceptions, businesses that receive a request from a consumer to delete that consumer’s personal information would be required to delete such information and to instruct their services providers to do the same.
Similar requirements would apply to businesses that sell consumer information, except that such businesses would be subject to additional disclosure requirements and would also be required to honor consumers’ requests to opt out of the sale of their information.
The Proposed Act grants to consumers a private right of action against businesses who commit certain violations of the Proposed Act, with monetary penalties ranging from the greater of $100 to $750 per consumer, per incident or the consumer’s actual damages. However, prior to maintaining such an action, consumers would be required to provide businesses with notice and an opportunity to cure (where a cure is possible).
This Client Alert is intended to give a high-level overview of the Proposed Act. Should the Proposed Act be enacted, it may contain different or additional provisions from those contained in its present form. We will provide updates when there are new developments.
If you would like to discuss your company’s data privacy or cybersecurity compliance, please contact Colin A. Coleman, John E. Ottaviani, or Brian Reilly at Partridge Snow & Hahn LLP.