A business shall take reasonable steps to destroy or arrange for the destruction of a customer’s personal information within its custody and control that is no longer to be retained by the business by shredding, erasing, or otherwise destroying and/or modifying the personal information in those records to make it unreadable or indecipherable through any means for the purpose of: (1) Ensuring the security and confidentiality of customer personal information; (2) Protecting against any reasonably foreseeable threats or hazards to the security or integrity of customer personal information; and (3) Protecting against unauthorized access to, or use of, customer personal information that could result in substantial harm or inconvenience to any customer. History of Section.P.L. 2009, ch. 247, § 1; P.L. 2009, ch. 285, § 1; P.L. 2014, ch. 528, § 39.
Rhode Island Legal Code