Bill Text: NY A03174 | 2015-2016 | General Assembly | Introduced

Bill Title: Relates to destruction of personal information stored on copiers, facsimile machines or multifunction devices.

Spectrum: Slight Partisan Bill (Democrat 4-2)

Status: (Engrossed - Dead) 2016-06-14 - REFERRED TO RULES [A03174 Detail]

Download: New_York-2015-A03174-Introduced.html
                           S T A T E   O F   N E W   Y O R K
       ________________________________________________________________________
                                         3174
                              2015-2016 Regular Sessions
                                 I N  A S S E M B L Y
                                   January 22, 2015
                                      ___________
       Introduced  by  M. of A. PEOPLES-STOKES -- read once and referred to the
         Committee on Consumer Affairs and Protection
       AN ACT to amend the general business law, in relation to destruction  of
         personal  information  stored on copiers, facsimile machines or multi-
         function devices
         THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
       BLY, DO ENACT AS FOLLOWS:
    1    Section 1. The general business law is amended by adding a new section
    2  349-f to read as follows:
    3    S  349-F.  DESTRUCTION  OF  PERSONAL  INFORMATION  STORED  ON COPIERS,
    4  FACSIMILE MACHINES OR MULTIFUNCTION DEVICES. 1. FOR THE PURPOSES OF THIS
    5  SECTION:
    6    (A) "DATA STORAGE DEVICE" MEANS ANY DEVICE THAT STORES INFORMATION  OR
    7  DATA  FROM  ANY ELECTRONIC OR OPTICAL MEDIUM, INCLUDING, WITHOUT LIMITA-
    8  TION, A COMPUTER, CELLULAR TELEPHONE, MAGNETIC TAPE, ELECTRONIC COMPUTER
    9  DRIVE AND OPTICAL COMPUTER DRIVE, AND THE MEDIUM ITSELF.
   10    (B) "ENCRYPTION" MEANS THE PROTECTION OF DATA IN ELECTRONIC OR OPTICAL
   11  FORM, IN STORAGE OR IN TRANSIT,  USING:  (I)  AN  ENCRYPTION  TECHNOLOGY
   12  WHICH HAS BEEN ADOPTED BY AN ESTABLISHED STANDARDS SETTING BODY, INCLUD-
   13  ING,  WITHOUT  LIMITATION,  THE FEDERAL INFORMATION PROCESSING STANDARDS
   14  ISSUED BY THE NATIONAL INSTITUTE OF STANDARDS  AND  TECHNOLOGY,  OR  ITS
   15  SUCCESSOR  ORGANIZATION,  AND  WHICH RENDERS SUCH DATA INDECIPHERABLE IN
   16  THE  ABSENCE  OF  ASSOCIATED  CRYPTOGRAPHIC  KEYS  NECESSARY  TO  ENABLE
   17  DECRYPTION  OF SUCH DATA; AND (II) APPROPRIATE MANAGEMENT AND SAFEGUARDS
   18  OF CRYPTOGRAPHIC KEYS TO PROTECT THE INTEGRITY OF THE  ENCRYPTION  USING
   19  GUIDELINES PROMULGATED BY AN ESTABLISHED STANDARDS SETTING BODY, INCLUD-
   20  ING,  WITHOUT  LIMITATION, THE NATIONAL INSTITUTE OF STANDARDS AND TECH-
   21  NOLOGY OR ITS SUCCESSOR ORGANIZATION.
   22    (C) "MULTIFUNCTION DEVICE" MEANS A MACHINE THAT INCORPORATES THE FUNC-
   23  TIONALITY OF MULTIPLE DEVICES, WHICH  MAY  INCLUDE  A  PRINTER,  COPIER,
        EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                             [ ] is old law to be omitted.
                                                                  LBD01183-01-5
       A. 3174                             2
    1  SCANNER,  FACSIMILE  MACHINE OR ELECTRONIC MAIL TERMINAL, TO PROVIDE FOR
    2  THE CENTRALIZED MANAGEMENT, DISTRIBUTION OR PRODUCTION OF DOCUMENTS.
    3    2.  A BUSINESS ENTITY OR DATA COLLECTOR THAT OWNS OR POSSESSES A COPI-
    4  ER, FACSIMILE MACHINE OR MULTIFUNCTION DEVICE WHICH USES A DATA  STORAGE
    5  DEVICE  TO STORE, REPRODUCE, TRANSMIT OR RECEIVE DATA OR IMAGES THAT MAY
    6  CONTAIN PERSONAL INFORMATION SHALL, BEFORE THE BUSINESS ENTITY  OR  DATA
    7  COLLECTOR  RELINQUISHES  OWNERSHIP,  PHYSICAL  CUSTODY OR CONTROL OF THE
    8  COPIER, FACSIMILE MACHINE OR MULTIFUNCTION  DEVICE  TO  ANOTHER  PERSON,
    9  ENSURE THAT ANY PERSONAL INFORMATION WHICH IS STORED ON THE DATA STORAGE
   10  DEVICE OF THE COPIER, FACSIMILE MACHINE OR MULTIFUNCTION DEVICE IS:
   11    (A) SECURED THROUGH THE USE OF ENCRYPTION; OR
   12    (B)  DESTROYED  THROUGH  THE USE OF A PHYSICAL OR TECHNOLOGICAL METHOD
   13  THAT HAS BEEN ADOPTED BY AN ESTABLISHED STANDARDS SETTING BODY,  INCLUD-
   14  ING,  WITHOUT LIMITATION, A METHOD PRESCRIBED BY THE MOST RECENT VERSION
   15  OF THE FEDERAL INFORMATION PROCESSING STANDARDS ISSUED BY  THE  NATIONAL
   16  INSTITUTE OF STANDARDS AND TECHNOLOGY OR ITS SUCCESSOR ORGANIZATION.
   17    3.  IF A BUSINESS ENTITY OR DATA COLLECTOR USES OR POSSESSES A COPIER,
   18  FACSIMILE MACHINE OR MULTIFUNCTION DEVICE  WHICH  USES  A  DATA  STORAGE
   19  DEVICE  TO STORE, REPRODUCE, TRANSMIT OR RECEIVE DATA OR IMAGES THAT MAY
   20  CONTAIN PERSONAL INFORMATION PURSUANT TO A  LEASE  AGREEMENT  OR  RENTAL
   21  CONTRACT, THE OWNER OR LESSOR OF THE COPIER, FACSIMILE MACHINE OR MULTI-
   22  FUNCTION  DEVICE  SHALL, AS SOON AS PRACTICABLE AFTER THE TERMINATION OR
   23  CANCELLATION OF THE LEASE AGREEMENT OR RENTAL CONTRACT, OR UPON ASSUMING
   24  PHYSICAL CUSTODY OR CONTROL OF THE COPIER, FACSIMILE MACHINE  OR  MULTI-
   25  FUNCTION DEVICE, ENSURE THAT ANY PERSONAL INFORMATION WHICH IS STORED ON
   26  THE  DATA  STORAGE DEVICE OF THE COPIER, FACSIMILE MACHINE OR MULTIFUNC-
   27  TION DEVICE IS DESTROYED THROUGH THE USE OF A PHYSICAL OR  TECHNOLOGICAL
   28  METHOD  THAT  HAS BEEN ADOPTED BY AN ESTABLISHED STANDARDS SETTING BODY,
   29  INCLUDING, WITHOUT LIMITATION, A METHOD PRESCRIBED BY  THE  MOST  RECENT
   30  VERSION  OF  THE  FEDERAL INFORMATION PROCESSING STANDARDS ISSUED BY THE
   31  NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY OR ITS  SUCCESSOR  ORGAN-
   32  IZATION.
   33    4. THE PROVISIONS OF SUBDIVISIONS TWO AND THREE OF THIS SECTION DO NOT
   34  APPLY  TO  A  COPIER, FACSIMILE MACHINE OR MULTIFUNCTION DEVICE WHICH IS
   35  USED OR CONFIGURED IN SUCH A WAY AS TO PREVENT THE STORAGE  OF  DATA  OR
   36  IMAGES THAT MAY CONTAIN PERSONAL INFORMATION.
   37    S  2.   This act shall take effect on the ninetieth day after it shall
   38  have become a law.

LegiScan Search

View Top 50 Searches

Select area of search.
Find an exact bill number.
Search bill text and data. [help]
Reset

LegiScan Trends

View Top 50 National

WA SB5982 Updating the definition of "vaccine" in RCW 70.290.010 to include all federal...
US SB2224 Stop Predatory Investing Act
US SB382 Puyallup Tribe of Indians Land Into Trust Confirmation Act of 2023
VA HB801 Electronic communication systems within state correctional facilities;...
NY S06476 Directs state agencies to submit reports detailing their telework policies;...
IL HB0046 ISOLATED CONFINEMENT RESTRICT
US SB4021 A bill to place restrictions on the official display of flags, seals, or...
VA HB1132 Insurance; annual actual loss ratio report by dental carriers.
US SR606 A resolution to recognize the 203rd anniversary of the independence of...
LA HB345 Requires a license plate on the front of a motor vehicle for identification...
feedback