PROVIDENCE, R.I. (WPRI) – House Minority Whip Blake Filippi says existing state law is not doing enough to protect victims of security breaches.
Filippi said the massive Equifax data breach, which compromised the personal information of more than 145 million Americans, prompted him to introduce legislation aimed at protecting consumers.
“The intent is to deal with large data breaches such as the Equifax data breach, the Home Depot, Uber data breaches,” Filippi said. “It seeks to require companies that have these large data bases which have been breached where data is potentially being sold on the dark web, it mandates that they notify their customers.”
There’s a similar law already on the books in Rhode Island, the Identity Theft Protection Act of 2015. It requires consumer notification of a data breach within 45 days.
“This one doesn’t specify,” Filippi said. “It’s a reasonable promptness, so the way we interpret it, is that it would require a much quicker turnaround by the company than the 45 days in existing law.”
Parties who violate state the Identity Theft Protection Act of 2015 are subject to a $100 per record penalty. Filippi’s legislation has a $150,000 per-breach penalty.
“There needs to be protections in state law, protections with teeth, that make it painful for companies that would try and hide that data was stolen,” he said.
A spokesperson for Rhode Island Attorney General Peter Kilmartin said the office has not had a chance to review Filippi’s legislation to understand how it would work with existing law.
A hearing on the bill has not been scheduled.