State privacy overview

Rhode Island Data Privacy: A Plain-Language Overview

Informational summary · No comprehensive consumer privacy law (as of 2026)
General information — not legal advice. This overview is provided for general educational purposes only and may not reflect the most recent changes in the law. It is not legal advice and does not create any attorney–client relationship. Verify current requirements with the state's official resources and consult qualified counsel before acting.

No comprehensive consumer privacy law (as of 2026)

Status: No active comprehensive legislation; reliance on sector-specific laws (e.g., insurance, data breach notification).

Rhode Island does not have a single, comprehensive law regulating consumer data privacy like the GDPR or CCPA. Instead, data protection is governed by specific industry regulations, such as those for insurance, and the state's general Consumer Protection Act. Businesses are primarily required to comply with the Rhode Island Identity Theft Protection Act, which mandates data breach notifications.

Rights residents generally have

Who it generally applies to

The breach notification law applies broadly to any person or business that owns, licenses, or maintains computerized personal data about Rhode Island residents.

What this means for B2B outreach

The data breach notification requirements apply to personal information in general, including business contact data if it contains 'personal identifiers' (e.g., a Social Security Number) combined with a name. Commercial email activities fall under general federal anti-spam laws and standard business practices.

Authoritative source: Rhode Island Office of the Attorney General. Always confirm current requirements there.

Marketing that respects privacy by design

We run permission-based, compliance-minded campaigns with real opt-out handling.

Talk to us

← All state privacy overviews