Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

Last Updated on February 10, 2025

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

The Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA), enacted on June 25, 2024, is set to take effect on January 1, 2026. This legislation grants Rhode Island residents rights to access and confirm, correct or delete, data portability, as well as to opt out of its sale, targeted advertising, and profiling.

The Act applies to for-profit entities conducting business in Rhode Island or targeting its residents. It specifically applies to those that control or process the personal data of at least 35,000 customers, excluding data processed solely for payment transactions, or those that control or process personal data of at least 10,000 customers and derive over 20% of gross revenue from selling personal data.

Businesses must provide clear privacy notices, obtain explicit consent before processing sensitive data, and implement reasonable data security measures. The Rhode Island Attorney General manages enforcement, which includes civil penalties of up to $10,000 per violation.


The Solution

Securiti enables organizations to comply with the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises in their journey toward compliance with the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) through automation, enhanced data visibility, and identity linking.

The European Union’s Data Act

Readiness Assessment

RIDTPPA Provisions

Use our collaborative, multi-regulation, readiness assessment system to measure your organization's posture against RIDTPPA requirements, identify gaps, and address compliance risks.

Readiness Assessment
Auto Compliance Management

Auto Compliance Management

RIDTPPA Provisions

Automate compliance with RIDTPPA using Securirti common controls and tests.

Privacy Notice Management

Section(s): 6-48.1-3(a), 6-48.1-3(b), 6-48.1-5(f)

Automatically update and refresh your privacy policies and notices. Build and publish a privacy notice with pre-built templates, in compliance with the RIDTPPA.

Privacy Notice Management
Universal Consent Management

Universal Consent Management

Section(s): 6-48.1-4(c), 6-48.1-4(e)

The central dashboard allows you to monitor consent for various data processing activities and track consent revocation to prevent the processing or transfer of data without consent.

Cookie Consent Management

Section(s): 6-48.1-3(b), 6-48.1-4(c), 6-48.1-6(b)(5)

Scan websites to classify cookies, deploy customized consent collection points, and link consent to user identities and personal data categories collected from endpoints.

Cookie Consent Management
Sensitive Data Intelligence

Sensitive Data Intelligence

Section(s): 6-48.1-2(3), 6-48.1-2(18), 6-48.1-2(19), 6-48.1-2(26)

Discover personal data and sensitive data stored across all systems within the organization and link it to unique data subjects. Visualize personal data sprawl and identify compliance risks.

Data Mapping Automation

Section(s): 6-48.1-7(s)

Trace data flow across your systems, catalog data collection and transfer, and document business process flows internally and to the processors.

Data Mapping Automation
Data Subject Rights Fulfillments

Data Subject Rights Fulfillments

Section(s): 6-48.1-4(e), 6-48.1-5, 6-48.1-6

Create customized web forms and accept verified DSR requests. Automate the initiation of the access, correction, deletion, portability and opt-out request fulfillment workflows in compliance with the RIDTPPA.

Data Breach Management

Section(s): R.I. Gen. Laws § 11-49.3-4

Track and manage potential incidents and data breaches with automated notification guidance based on global regulatory requirements.

Data Breach Management
Data Protection Assessment Automation

Data Protection Assessment Automation

Section(s): 6-48.1-7(e), 6-48.1-7(f), 6-48.1-7(g), 6-48.1-7(h), 6-48.1-7(i)

Initiate Data Protection Assessments (DPAs) using compliance templates, invite stakeholders to contribute and review responses, track progress in real-time, and share approved assessments with third parties.

Vendor Assessments

Section(s): 6-48.1-7

You can monitor privacy and security readiness from a single interface for all your service providers. You can also collaborate instantly with processors and manage all processor agreements and compliance documents.

Vendor Assessments
Data Security Posture Management

Data Security Posture Management

Section(s): 6-48.1-4(b)

Discover and auto-remediate security misconfigurations in SaaS and IaaS data systems using a library of rules based on vendor recommendations, industry standards, and best practices.

Key Facts about the Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

1

The RIDTPPA was passed into law on June 25, 2024, and will become effective on January 1, 2026.

2

The RIDTPPA grants consumers several rights, including access, confirm, correct, or delete data portability, opt out of its sale, and opt out of targeted advertising and profiling.

3

The RIDTPPA applies to for-profit entities conducting business in Rhode Island or targeting its residents. Specifically applies to entities that control or process the personal data of at least 35,000 customers, excluding payment transaction data, or control or process the personal data of at least 10,000 customers and derive over 20% of gross revenue from selling personal data.

4

The RIDTPPA requires businesses to provide clear and transparent privacy notices, obtain explicit consent before processing sensitive data, implement reasonable data security measures, conduct data protection impact assessments, etc.

5

The Rhode Island Attorney General enforces the RIDTPPA. Noncompliance can lead to civil penalties of up to $10,000 per violation. The law also imposes fines of $100 to $500 for each intentional disclosure of personal data.

Analyze this article with AI

Prompts open in third-party AI tools.
IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
Videos
View More
Mitigating OWASP Top 10 for LLM Applications 2025
Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...
View More
Top 6 DSPM Use Cases
With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...
View More
Colorado Privacy Act (CPA)
What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...
View More
Securiti for Copilot in SaaS
Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...
View More
Top 10 Considerations for Safely Using Unstructured Data with GenAI
A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....
View More
Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes
As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...
View More
Navigating CPRA: Key Insights for Businesses
What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...
View More
Navigating the Shift: Transitioning to PCI DSS v4.0
What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...
View More
Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)
AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...
AWS Startup Showcase Cybersecurity Governance With Generative AI View More
AWS Startup Showcase Cybersecurity Governance With Generative AI
Balancing Innovation and Governance with Generative AI Generative AI has the potential to disrupt all aspects of business, with powerful new capabilities. However, with...

Spotlight Talks

Spotlight 11:29
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Not Hype — Dye & Durham’s Analytics Head Shows What AI at Work Really Looks Like
Watch Now View
Spotlight 11:18
Rewiring Real Estate Finance — How Walker & Dunlop Is Giving Its $135B Portfolio a Data-First Refresh
Watch Now View
Spotlight 13:38
Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines
Sanofi Thumbnail
Watch Now View
Spotlight 10:35
There’s Been a Material Shift in the Data Center of Gravity
Watch Now View
Spotlight 14:21
AI Governance Is Much More than Technology Risk Mitigation
AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3
You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge
Watch Now View
Spotlight 47:42
Cybersecurity – Where Leaders are Buying, Building, and Partnering
Rehan Jalil
Watch Now View
Spotlight 27:29
Building Safe AI with Databricks and Gencore
Rehan Jalil
Watch Now View
Spotlight 46:02
Building Safe Enterprise AI: A Practical Roadmap
Watch Now View
Spotlight 13:32
Ensuring Solid Governance Is Like Squeezing Jello
Watch Now View
Latest
View More
Securiti and Databricks: Putting Sensitive Data Intelligence at the Heart of Modern Cybersecurity
Securiti is thrilled to partner with Databricks to extend Databricks Data Intelligence for Cybersecurity. This collaboration marks a pivotal moment for enterprise security, bringing...
Shrink The Blast Radius: Automate Data Minimization with DSPM View More
Shrink The Blast Radius
Recently, DaVita disclosed a ransomware incident that ultimately impacted about 2.7 million people, and it’s already booked $13.5M in related costs this quarter. Healthcare...
View More
All You Need to Know About Ontario’s Personal Health Information Protection Act 2004
Here’s what you need to know about Ontario’s Personal Health Information Protection Act of 2004 to ensure effective compliance with it.
View More
What is Trustworthy AI? Your Comprehensive Guide
Learn what Trustworthy AI means, the principles behind building reliable AI systems, its importance, and how organizations can implement it effectively.
Maryland Online Data Privacy Act (MODPA) View More
Maryland Online Data Privacy Act (MODPA): Compliance Requirements Beginning October 1, 2025
Access the whitepaper to discover the compliance requirements under the Maryland Online Data Privacy Act (MODPA). Learn how Securiti helps ensure swift compliance.
Retail Data & AI: A DSPM Playbook for Secure Innovation View More
Retail Data & AI: A DSPM Playbook for Secure Innovation
The resource guide discusses the data security challenges in the Retail sector, the real-world risk scenarios retail businesses face and how DSPM can play...
DSPM vs Legacy Security Tools: Filling the Data Security Gap View More
DSPM vs Legacy Security Tools: Filling the Data Security Gap
The infographic discusses why and where legacy security tools fall short, and how a DSPM tool can make organizations’ investments smarter and more secure.
Operationalizing DSPM: 12 Must-Dos for Data & AI Security View More
Operationalizing DSPM: 12 Must-Dos for Data & AI Security
A practical checklist to operationalize DSPM—12 must-dos covering discovery, classification, lineage, least-privilege, DLP, encryption/keys, policy-as-code, monitoring, and automated remediation.
The DSPM Architect’s Handbook View More
The DSPM Architect’s Handbook: Building an Enterprise-Ready Data+AI Security Program
Get certified in DSPM. Learn to architect a DSPM solution, operationalize data and AI security, apply enterprise best practices, and enable secure AI adoption...
Gencore AI and Amazon Bedrock View More
Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock
Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...
What's
New