R.I. House bill would expand notification obligations after data breach
Nearly two months after state officials disclosed a colossal breach of Rhode Island's public benefits portal and health insurance marketplace, a state rep is trying to strengthen laws surrounding data leaks of people's private information.
'We need to do something for data breaches. It's just getting ridiculous,' Rep. Robert Phillips, a Woonsocket Democrat, said Tuesday during a meeting of the Rhode Island House Committee on Innovation, Internet and Technology.
Phillips was testifying on his bill H5301, which would change the Identity Theft Protection Act Of 2015. The identity protection act was last modified in 2023 and regulates how state agencies, or other entities that hold onto people's personal information, are supposed to respond in the event of a data breach. The most recent example is the December 2024 RIBridges breach which is believed to have exposed the personal information of over 650,000 Rhode Islanders.
Under the current law, data breaches that affect 500 or more people require the impacted agency to notify the Rhode Island Attorney General. Phillips' bill would eliminate that threshold and require all breaches to be reported to both the Attorney General and the Department of Business Regulations (DBR). It would also make 'any agency, entity, or any other person that maintains or stores, but does not own or license, data,' subject to notification requirements. That could include entities like Deloitte, the system vendor and architect for RIBridges.
The General Assembly last updated the data breach laws in 2023, the same year the Rhode Island Public Transit Authority (RIPTA) found itself embroiled in a legal battle over a 2021 employee data breach. The legislature decided to create different notification periods for businesses versus government agencies.
Lenette Forry-Menard, a lobbyist and attorney with Champion Advocacy Associates, testified on behalf of the Northern Rhode Island Chamber of Commerce. During the 2023 update of the Identity Protection act, legislators decided that public entities had to notify the Attorney General of a breach in 30 days, down from 45 days. The notification window for businesses stayed at 45 days.
The lobbyist said Phillips' bill is 'unclear' as to whether businesses would still be subject to the 45-day limit to notify state authorities, or if the notification timespan would be shorter. Forry-Menard argued changing the language surrounding a breach's severity of risk might be problematic, as it could make it tricky for businesses to determine what needs to be reported to the state.
Forry-Menard gave an example: 'I'm a remote worker, so I have my computer at home. I'm working on it. I may get up and go to the restroom, and my husband, who's around sometimes, may walk through the office. Technically, under the letter of the law, if you take out the language that's there right now about the significant risk, I should have to notify the attorney general, or under this bill, DBR, that I may have been breached. I don't think anybody wants that.'
Director of the Department of Administration Jonathan Womer also submitted written testimony on the bill.
'The Department has a great appreciation for the importance of this statute, particularly in light of the recent RIBridges data breach, but would like to raise a few operational concerns with the proposed amendments,' Womer wrote.
The director took issue with the proposal's prescription that a breach victim ''cooperate with the owner or licensor' of compromised information…There is no definition of 'cooperate,' which makes this requirement ambiguous and open-ended,' Womer wrote. 'This requirement will likely generate unnecessary confusion for impacted individuals about what they are entitled to from an entity that holds their data.'
As written, the bill could also create administrative burden and delay the existing notification process, Womer wrote.
Phillips' bill was held for further study, as is standard on a piece of legislation's first introduction. He told the committee he's willing to edit the bill and incorporate feedback from stakeholders.
SUPPORT: YOU MAKE OUR WORK POSSIBLE
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Los Angeles Times
4 hours ago
- Los Angeles Times
‘Real-life nightmare for kids.' ‘Roblox' faces multiple lawsuits over child safety
'Roblox' faced a wave of new lawsuits this week that allege the popular gaming platform hasn't done enough to safeguard kids from pedophiles and sexual content. One of the latest complaints, filed in a federal court in the Northern District of California, claims that a predator posed as a child on the platform and sexually exploited a 10-year-old in Michigan. The man, who isn't named in the lawsuit, allegedly convinced the victim to send sexually explicit images of herself after sharing some of himself. The 10-year-old, who is anonymous in the lawsuit, met the predator last year on 'Roblox' and suffered from mental health issues including anxiety, according to the complaint filed Thursday. 'What Roblox represents as a safe, appropriate space for children is, in fact, a digital and real-life nightmare for kids,' the lawsuit, filed by Dolman Law Group, stated. Kids and teens create, explore and socialize in virtual spaces on 'Roblox,' but the gaming platform has continued to grapple with child safety concerns over as its user numbers and revenue grow. On average, 111.8 million users visit the platform daily. The San Mateo-based company's share price closed down more than 6% at $117.34 on Friday. 'The assertion that Roblox would intentionally put our users at risk of exploitation is categorically untrue,' Roblox spokesperson Kadia Koroma said in a statement. 'While no system is perfect, Roblox has implemented rigorous safeguards—such as restrictions on sharing personal information, links, and user-to-user image sharing—to help protect our community. Unfortunately, bad actors will try to circumvent our systems to try to direct users off the platform, where safety standards and moderation practices may differ.' In early August, the company said it's using artificial intelligence to help detect 'child endangerment communications' earlier and alert law enforcement. The lawsuit is among a flurry of new complaints this year that accuse the gaming platform of prioritizing its profits over the safety of its users. On Thursday, Louisiana Atty. Gen. Liz Murrill filed a lawsuit against Roblox over child safety concerns. 'Roblox' is also under political pressure. Rep. Ro Khanna, a California Democrat, has been urging people on social media to sign a petition asking the company to do more to protect children on the platform. Since July, Dolman Law Group has filed five lawsuits against 'Roblox' in courts in California, Georgia and Texas. Matthew Dolman, a Florida lawyer who is a managing partner at the law firm, said a sixth lawsuit is being filed on Friday. The lawsuits point to several steps 'Roblox' could have taken to make the platform safer, such as verifying ages through facial recognition, clearly warning parents about sexual predators and putting a higher age rating for its app. 'This is just the wild west,' Dolman said in an interview. 'It's like a hunting ground for predators.' The company, he said, misrepresents how safe the platform is to both its users and shareholders. 'Roblox' profits from transaction fees when predators offer children Robux, a digital currency used on the gaming platform, in exchange for sexually explicit photos, according to the federal lawsuit filed on Thursday. Predators will also tell children they won't release these photos if they hand over Robux, the lawsuit alleges. The complaint cites a Hindenburg Research report published last year that stated there were inappropriate games on 'Roblox' that researchers were able to access by registering as a child. Some of those experiences were modeled after criminal conduct by child sex offender Jeffrey Epstein. 'Roblox' rebutted claims made in the report and said it invested heavily in its trust and safety efforts, noting that it has rules against child exploitation on its platform. The risk of sextortion, especially among young people, is a growing problem, child advocates say. Roughly 1 in 5 teenagers experienced sextortion, according to a report from Thorn, a child safety nonprofit. Sextortionists have used a variety of platforms, including social media and gaming platforms such as 'Roblox,' 'Minecraft' and 'Fortnite,' to threaten victims.
The Hill
5 hours ago
- The Hill
Clark becomes highest-ranking Democrat to accuse Israel of ‘genocide' in Gaza
House Minority Whip Katherine Clark (D-Mass.), the number two House Democrat, called Israel's actions in Gaza a 'genocide' in remarks earlier this week. 'We each have to continue to have an open heart about how we do this, how we do it effectively, and how we take action in time to make a difference, whether that is stopping the starvation and genocide and destruction of Gaza, or whether that means we are working together to stop the redistricting that is going on, taking away the vote from people in order to retain power,' Clark said during a Thursday event in her district hosted by Friends Committee on National Legislation. Clark is now the highest-ranking House Democrat to use the term 'genocide' to describe the ongoing humanitarian crisis in Gaza. She joins other lawmakers, including Reps. Alexandria Ocasio-Cortez (D-N.Y.), Marjorie Taylor Greene (R-Ga.), Rashida Tlaib (D-Mich.), who have said the same. The Hill reached out to Clark's office for comment. During the Thursday event, constituents questioned the Massachusetts Democrat over her acceptance of $371,187 from the American Israeli Public Affairs Committee (AIPAC), as shown in a video posted by a reporter at The Greyzone News. 'In the past, I have taken AIPAC money, but again, that is not saying you're not going to do what is right here,' she answered. 'I understand that for some of you that's a red line.' Criticism in recent months has mounted against Israel and Prime Minister Netanyahu over its war in Gaza. This week, Netanyahu said he has no choice but to ' finish the job ' in Gaza. During the 22-month war, which began after Hamas attacked Israel in 2023, the death toll has risen to over 60,000 people, and the enclave is experiencing mass starvation according to U.N. sources, which Netanyahu denies. Netanyahu has floated the relocation of Palestinians as the Middle Eastern country has been in talks with South Sudan about taking in people. 'I think that the right thing to do, even according to the laws of war as I know them, is to allow the population to leave, and then you go in with all your might against the enemy who remains there,' Netanyahu said in an interview with i24, and Israeli TV station last week.
Yahoo
5 hours ago
- Yahoo
New Orleans mayor indicted on federal corruption charges
The New Orleans mayor, LaToya Cantrell, was indicted on Friday on federal corruption charges after spending roughly three years under investigation. The indictment against Cantrell came after the September 2024 indictment of local businessman Randy Farrell, who was charged with exchanging gifts with the mayor so that she would allegedly fire a municipal employee who was investigating Farrell's building inspection company. Among the alleged gifts were tickets to a January 2019 New Orleans Saints football game, which was being played with an appearance at the Super Bowl on the line, a cellphone and lunch at an upscale Ruth's Chris Steak House in the city. Cantrell had also drawn scrutiny for an alleged affair with a now retired New Orleans police officer who had served as her bodyguard. The bodyguard, Jeffrey Vappie, allegedly claimed he was at work while he was actually engaging in 'a personal and romantic relationship' with the mayor. Vappie was charged as a co-defendant in Friday's indictment against Cantrell, full details of which were not immediately available, as Guardian reporting partner WWL Louisiana reported. He had previously been charged with wire fraud and lying to FBI agents in July 2024, shortly after he retired from New Orleans' police force. The allegations called to mind the 2018 scandal that cost the Nashville mayor, Megan Barry, her job and centered on an affair with her bodyguard, Robert Forrest. Prosecutors who had obtained the 2024 charges against Vappie have alleged he researched that case online two years earlier. Both Vappie and Farrell have pleaded not guilty to the charges previously filed against them. While the Donald Trump-led US justice department obtained the indictment against Cantrell about seven months into the Republican's second presidency, the federal investigation into the mayor began while Joe Biden – her fellow Democrat – was in his second full year in the Oval Office. Cantrell's lawyer, Eddie Castaing, confirmed to the Associated Press on Friday that an indictment was returned against his client. He also said her name was read aloud by a federal magistrate judge as a defendant. Cantrell, a native of Compton, California, had been a New Orleans city council member before winning election as its mayor in November 2017. She thus became New Orleans's first female mayor and was re-elected four years later. Her second term – which saw the unexpected death of her husband in August 2023 – is due to end in January 2026. Cantrell was term-limited from seeking another stint as mayor, and several candidates have signed up to run to replace her in a primary election set for October. Cantrell on Friday became the first New Orleans mayor charged with federal crimes while still in office. The federal investigation into her began with 2022 subpoenas issued with respect to an image consultant that she employed. Only one other person who has served as New Orleans mayor has been indicted by the US government on federal corruption charges during the city's 307-year history: Ray Nagin. Nagin was New Orleans's mayor when the failure of federal levees there during Hurricane Katrina on 29 August 2005 destroyed the city and caused about 1,400 deaths. He was convicted in 2014 on charges of bribery, honest services wire fraud, money laundering, filing false tax returns and conspiracy, and was sentenced to 10 years in prison. The Associated Press contributed reporting Solve the daily Crossword
