How New Rhode Island Privacy Law May Impact Businesses Across U.S.
Rhode Island businesses and any company with Rhode Island customers are officially on the clock. The Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA” or “the Act”) takes effect January 1, 2026 , meaning compliance deadlines are quickly approaching . Unlike many other state privacy laws, the Act provides no right to cure violations before penalties apply. With potential fines of up to $10,000 per violation, businesses should begin compliance efforts now by reviewing data practices, updating privacy notices, and preparing consumer rights workflows before year-end. Key Definitions: Controllers and Processors The Act follows the same framework used in other state privacy laws and the European Union’s General Data Protection Regulation (GDPR) by distinguishing controllers and processors: Controller : The individual or business that decides why personal data is collected and how it will be used. For example, a retailer deciding to collect customer email addresses for mark...