Removing Barriers Blog

Rhode Island and Connecticut Expand Data Breach Notice Requirements
Posted July 03,2015 by CUNA Advocacy


The newly enacted "Rhode Island Identity Theft Protection Act of 2015," H 5220 and S 134, requires notification of data breaches within 45 days. If the breach impacts more than 500 Rhode Island residents, the attorney general must be notified as well.

Data security legislation requiring notice within 90 days of  breaches became law in Connecticut. The measure also mandates that breached organizations provide identity protection services to victims of breaches. Rhode Island and Connecticut join seven other states (MT, ND, NV, OR, WA, WY and VT) that have expanded breach notification requirements this legislative session.