Senate approves Chairman DiPalma’s bill that protects employees after data breaches


            STATE HOUSE – The Senate today passed legislation (2023-S 0425) sponsored by Sen. Louis P. DiPalma, Chairman of the Senate Finance Committee, which would protect public employees upon the occurrence of data breaches.

            The legislation amends the Identity Theft Protection Act of 2015, which was also sponsored by Chairman DiPalma, by requiring municipal agencies, state agencies, or persons to report data breaches in a timelier manner. 

            “Time and resources are essential when dealing with data breaches of confidential information systems and these cybercrimes have the potential to negatively impact tens of thousands of Rhode Islanders and their families.  This bill will better protect stored data and strengthen our response times and corrective actions, ensuring that any damage resulting from data breaches is recognized and addressed in the most expedient manner possible,” said Chairman DiPalma (D-Dist. 12, Middletown, Little Compton, Newport, Tiverton).

            “Thousands of union members and their families were victims of a significant data breach in 2021, and left unprotected in its aftermath. Senator DiPalma’s legislation is an important step forward to protecting workers data privacy and encourages employers to take the steps necessary to prevent future incidents,” said Pat Crowley, Secretary-Treasurer of the Rhode Island AFL-CIO.

            According to the previous legislation, governmental agencies that stored personal information had to disclose a data breach to affected people within 45 days of the incursion.  The new legislation reduces that time frame to 15 days.  The legislation also provides for identity theft protection services to be offered to any affected individual for a minimum of five years and for any individual under the age of 18, identity protection would be offered until their 18th birthday and for no less than the following two years.  It also requires any municipal agency, state agency, or person that detects a cybersecurity incident to notify the Rhode Island State Police upon detection of the cybersecurity incident within 24 hours.

            The bill now heads to the House for consideration where Rep. Terri Cortvriend (D-Dist. 72, Portsmouth, Middletown) has sponsored the legislation (2023-H 5684).