Bill Text: NY A06128 | 2023-2024 | General Assembly | Introduced
Bill Title: Increases security on digital submissions to the state by requiring the use of verified accounts and multi-factor authorization.
Spectrum: Partisan Bill (Republican 1-0)
Status: (Introduced) 2024-01-03 - referred to governmental operations [A06128 Detail]
Download: New_York-2023-A06128-Introduced.html
STATE OF NEW YORK ________________________________________________________________________ 6128 2023-2024 Regular Sessions IN ASSEMBLY April 3, 2023 ___________ Introduced by M. of A. K. BROWN -- read once and referred to the Commit- tee on Governmental Operations AN ACT to amend the state technology law, in relation to increasing security on digital submissions to the state The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. The state technology law is amended by adding a new section 2 106-c to read as follows: 3 § 106-c. Digital submissions to the state. Any state agency, board, 4 bureau, authority, commission, division, or other governmental entity 5 performing a governmental or proprietary function for the state that 6 allows for the digital submission of information to such governmental 7 entity shall require a person to create an account with the governmental 8 entity through which the digital submission can be made. Such account 9 shall have the following security features: 10 1. Verified account. (a) To create an account, a user shall provide 11 and confirm the following information: 12 (i) the user's full name; 13 (ii) the user's physical residential address; 14 (iii) the user's date of birth; 15 (iv) at least two of the following: 16 (A) the user's social security number; 17 (B) the user's driver's license number; 18 (C) the user's United States passport number; 19 (D) the user's taxpayer identification number; or 20 (E) any other form of identification issued by a governmental entity 21 approved by the office; and 22 (v) the user's email address or telephone number. 23 (b) The user's account shall have a unique username chosen by the user 24 using rules approved by the office. EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD10307-01-3A. 6128 2 1 (c) The governmental entity shall validate the information provided by 2 the user to create such account is accurate. 3 2. Multi-factor authorization. To access an account made under subdi- 4 vision one of this section, a user shall be required to use the user's 5 username and two of the following methods of authentication to verify 6 such user's identity: 7 (a) a password; 8 (b) answers to previously provided security questions; 9 (c) biometric data, including fingerprint, facial or voice recogni- 10 tion; 11 (d) an authorization code sent by phone call, text message or email to 12 the appropriate contact information provided; or 13 (e) any other authorization types approved by the office. 14 § 2. This act shall take effect one year after it shall have become a 15 law. Effective immediately, the addition, amendment and/or repeal of any 16 rule or regulation necessary for the implementation of this act on its 17 effective date are authorized to be made and completed on or before such 18 effective date.
