Rhode Island Privacy & Security Compliance Guide
🚨 Rhode Island Data Transparency and Privacy Act (DTPPA) - Effective January 1, 2026 (ACTIVE)
ACTIVE ENFORCEMENT - Covers businesses processing the data of 35,000+ RI residents, OR 10,000+ residents with 20% of revenue from data sales. NO CURE PERIOD - immediate penalties for violations.
🚨 RHODE ISLAND: STRICTEST STATE PRIVACY LAW - NO CURE PERIOD
CRITICAL ALERT: The Rhode Island Data Transparency and Privacy Act went live January 1, 2026 with ZERO cure period. The Attorney General can impose immediate penalties for violations.
Why DTPPA is Strictest State Law:
• ❌ NO CURE PERIOD: Unlike other states (30-60 day cure), RI AG can fine immediately
• 💰 $10,000 PER VIOLATION: Higher than most states ($7,500 typical)
• 📉 LOWEST THRESHOLD: 35K residents (vs 100K in most states)
• 🎯 EASY TO TRIGGER: Small regional businesses hit threshold quickly
Who Must Comply:
• Businesses processing 35,000+ Rhode Island residents' data
• OR processing 10,000+ residents with 20%+ revenue from data sales
• Applies regardless of physical presence (e-commerce, SaaS, apps)
DTPPA Requirements:
• Consumer Rights: Access, deletion, correction, portability, opt-out of sales/targeted ads
• Privacy Policy: Clear, conspicuous notice required
• Sensitive Data Consent: Opt-in for health, biometric, genetic, precise geolocation data
• Data Protection Assessments: Required for high-risk processing
• Data Broker Registration: Annual registration and fee required
Small State, Big Impact: With a population of only 1.1M, the 35K threshold means regional businesses with approximately 3% market penetration must comply. This is significantly lower than other states.
Healthcare & Universities:
• Rhode Island Hospital, Brown University medical research
• Patient portal data, research participant information
• HIPAA compliance does not provide an exemption from DTPPA
Tourism & Hospitality: Newport tourism businesses, coastal resort bookings, restaurant reservations all process visitor data requiring DTPPA compliance.
Immediate Enforcement Risk: Rhode Island AG announced DTPPA enforcement readiness on Day 1. First enforcement actions expected within 30-60 days targeting businesses with: (1) No privacy policy, (2) No opt-out mechanism, (3) Selling data without disclosure. No warnings, no cure period - just $10K penalties.
Rhode Island by the Numbers
- Population: 1.1 million
- Businesses Affected: 25,000+
- Recent Data Breaches: 18
- Per Violation Fine: $10,000 per violation (NO CURE PERIOD)
Who Must Comply in Rhode Island?
The Rhode Island Data Transparency and Privacy Act (DTPPA) applies to businesses that:
- Process personal data of Rhode Island residents
- Meet revenue or data volume thresholds
- Sell products/services to Rhode Island consumers
- Have physical or digital presence in Rhode Island
Rhode Island-Specific Requirements
The DTPPA, effective Jan 1, 2026, is the strictest state privacy law, with no cure period, $10,000 per violation penalties, and the lowest applicability threshold (35K residents). It includes consumer rights, sensitive data protections, and data broker registration.
Recent Rhode Island Privacy & Security Cases
Rhode Island Hospital breach (2024) - Patient data
Brown University incident (2023) - Research records
DTPPA enforcement expected immediately - AG prepared for Jan 1 launch
No cure period means immediate fines for violations
Major Rhode Island Business Centers
Key cities where privacy compliance is critical for business success:
- Providence
- Warwick
- Cranston
- Pawtucket
- East Providence