Privacy Bill Essentials: Rhode Island
Privacy, Cyber & AI Decoded Alert | 2 min read
Mar 5, 2021
A new data protection and privacy bill has been introduced in Rhode Island. The Rhode Island Transparency and Privacy Protection Act (TPPA) provides more narrow protections than privacy bills proposed in other states. If enacted, the bill would go into effect on January 1, 2022.
To whom would it apply?
The Rhode Island bill would apply to website operators that:
- Collect and maintain personally identifiable information from a customer who uses or visits the website or online service for a commercial purpose; and
- Employ more than 10 individuals.
In a departure from other bills, the TPPA defines the protected class of persons as "customers" instead of "consumers." A "customer" is an individual residing in Rhode Island who actively or passively provides personally identifiable information to any entity, "in the course of purchasing, viewing, accessing, renting, leasing, or otherwise using real or personal property, or any interest therein, or obtaining a product or service, including advertising or any other content."
What types of information would it cover?
The bill defines personally identifiable information to include an individual's first name or first initial and last name combined with any one or more of the following, among others:
- Social security numbers;
- Driver's license, passport, state identification or triable identification numbers;
- Account numbers, credit card or debit card numbers;
- Medical or health insurance information; and
- Email addresses with any required password that would enable access to an individual's personal, medical, insurance, or financial information.
What rights would it create?
The Rhode Island bill would give customers the right to know:
- All categories of personally identifiable information that operators collect through their websites or online services; and
- All categories of third parties with whom the operators may share that personally identifiable information.
What obligations would it impose?
The Rhode Island Bill would require all covered operators to post, either in the customer agreement, incorporated addendum, or other conspicuous location, all information related to the types of personally identifiable information collected and all categories of third parties with whom the operators may share this information.
How would it be enforced?
The law would be solely enforced by the Rhode Island Attorney General's Office. Any violations would be considered a deceptive trade practice, and businesses would face a $100 fine per disclosure. The bill would not create any private right of action on behalf of individual customers.
Where does it stand?
The bill was introduced on February 26, 2021 to the Rhode Island House of Representatives. A previous iteration of the bill in 2018—which had an opt-out provision and a wider definition of personally identifiable information—failed to garner the necessary support.
Related Capabilities
Featured Insights

Webinar
Jul 14, 2026
Scott Seaman Presents on Horizontal vs. Vertical Exhaustion of Insurance

Event
July 13-15, 2026
Hinshaw Proudly Sponsors 2026 Lavender Law Conference and Career Fair

Healthcare Alert
Jul 8, 2026
A New Era of Compliance Standards for California DSOs and MSOs After the Aspen Dental Settlement

Insights for Insurers Alert
Jul 7, 2026
What Insurers Need to Know About California’s FAIR Plan Assessment Recoupment Guidance

In The News
Jul 6, 2026
Francesco Palanda’s Practical Guide for Mitigating AI-Related Business Interruption Risk

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry

In The News
Jun 26, 2026
Jason Oliveri Discusses AI Companions in Elder Care and the Risks for LGBTQ+ Residents



