Senate committee approves bill that would modernize identity theft protection laws

PROVIDENCE – The Senate Committee on Artificial Intelligence and Emerging Technologies has approved a bill sponsored by Sen. Victoria Gu, D-Westerly, aimed at updating cybersecurity legislation to enhance the protection of Rhode Islanders’ personally identifiable information.

The bill now goes to the full R.I. Senate for consideration.

“It is crucial to establish clear expectations for state agencies, municipalities and businesses to adhere to recognized best practices in cybersecurity, such as the NIST [National Institute for Standards and Technology] Cybersecurity Framework, to safeguard the personally identifiable information of Rhode Islanders,” said Gu, who chairs the committee. “Our existing laws regarding the protection of this information must be revised to reflect the realities of our increasingly digital landscape and its associated threats.”

The December 2024 breach of RIBridges, Rhode Island’s online social services portal, impacted approximately 650,000 individuals, exposing sensitive data, including Social Security numbers, employment details, financial information and other personal records on the dark web.

The legislation seeks to amend the Identity Theft Protection Act of 2015 to modernize its definitions and requirements.

“The more information a hacker or scammer can collect on an individual, the higher the chances of a successful attack,” Gu said.

Organizations that manage this type of information are currently mandated to implement a risk-based information security program, and the bill specifies that such programs must conform to current best practices as delineated in a recognized cybersecurity framework, with appropriate controls to limit and manage access to this data.

While the bill would retain the existing penalties for “reckless” or “knowing and willful violations,” it introduces an additional provision allowing courts to impose further sanctions if the specifics of a violation warrant it.

Moreover, the legislation would revise the reporting obligations of state agencies, municipalities and businesses in the event of a breach, requiring prompt notification to the R.I. Division of Enterprise Technology Strategy and Services, the state agency responsible for overseeing, coordinating and developing all information technology personnel and resources within the executive branch of government.

Companion legislation is being introduced in the R.I. House of Representatives by Rep. Lauren H. Carson, D-Newport.

Christopher Allen is a PBN staff writer. You may contact him at Allen@PBN.com.