Skip Ribbon Commands
Skip to main content
News : Recent Press Releases     Op-Ed     Publications     About the Legislative Press Bureau Printer Friendly View
6/5/2025 Sen. Gu bill would modernize identity theft protection laws
STATE HOUSE — The Senate Committee on Artificial Intelligence and Emerging Technologies has passed a bill sponsored by Sen. Victoria Gu aiming to modernize cybersecurity laws to better protect the personally identifiable information of Rhode Islanders. The bill now goes to the full Senate for a vote.

“In the wake of the RIBridges cyberattack, it’s important to set clear expectations that state agencies, municipalities and companies should be meeting current best practices of an industry-recognized cybersecurity framework, such as NIST Cybersecurity Framework, to protect the personally identifiable information of Rhode Islanders,” said Senator Gu (D-Dist. 38, Westerly, Charlestown, South Kingstown) who chairs the newly created Senate Committee on Artificial Intelligence and Emerging Technologies. “Our current laws governing the protection of this information need updating to match the reality of our increasingly digital world and its threats.”

The December 2024 breach of RIBridges, Rhode Island’s online portal for social services, affected around 650,000 people in total, releasing Social Security numbers, employment details, financial data and other personal information to the dark web. Senator Gu saw this as a clear sign that Rhode Island needed to update its cybersecurity standards.

The bill (2025-S 1037A) would amend the Identity Theft Protection Act of 2015 to modernize its requirements and definitions. It would change references to protecting “personal information” in the law to “personally identifiable information,” a more expansive term that includes all information that can be used to reveal a person’s identity.

“The more pieces of information a hacker or scammer can gather on you, the greater the likelihood their attack will succeed,” said Senator Gu.

Entities that handle this information are already required to maintain a risk-based information security program, and the bill clarifies that this program must meet current best practices as outlined in an industry recognized cybersecurity framework, with controls to restrict and manage access to this data.

The bill would maintain the existing penalties in law for “reckless” or “knowing and willful violations,” but adds an additional tool to allow courts to impose additional sanctions if the circumstances of a violation warrant it.

The bill would also update the reporting requirements of state agencies, municipalities and companies when a breach has occurred to include timely notification to the Rhode Island Division of Enterprise Technology Strategy and Services (ETSS).

ETSS is the Rhode Island agency responsible for oversight, coordination and development of all IT staff and resources within the executive branch of government. It works to standardize the state’s ongoing investments in software, networks and cybersecurity.

Companion legislation (2025-H 6346) is being sponsored in the House by Rep. Lauren H. Carson (D-Dist. 75, Newport).

 
 
 



For more information, contact:
Meredyth R. Whitty, Publicist
State House Room 20
Providence, RI 02903
(401) 222-1923