Bill Text: NY S01104 | 2017-2018 | General Assembly | Introduced
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Relates to the timeliness of disclosure of a breach of the security of a system which contains private information.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2018-06-20 - COMMITTED TO RULES [S01104 Detail]
Download: New_York-2017-S01104-Introduced.html
Bill Title: Relates to the timeliness of disclosure of a breach of the security of a system which contains private information.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2018-06-20 - COMMITTED TO RULES [S01104 Detail]
Download: New_York-2017-S01104-Introduced.html
STATE OF NEW YORK ________________________________________________________________________ 1104 2017-2018 Regular Sessions IN SENATE January 6, 2017 ___________ Introduced by Sen. VALESKY -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law, in relation to the timeliness of disclosure of a breach of the security of a system which contains private information The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. Subdivision 2 of section 899-aa of the general business 2 law, as added by chapter 442 of the laws of 2005, is amended to read as 3 follows: 4 2. Any person or business which conducts business in New York state, 5 and which owns or licenses computerized data which includes private 6 information shall disclose any breach of the security of the system 7 following discovery or notification of the breach in the security of the 8 system to any resident of New York state whose private information was, 9 or is reasonably believed to have been, acquired by a person without 10 valid authorization. The disclosure shall be made [in the most expedient11time possible and] without unreasonable delay, consistent with the 12 legitimate needs of law enforcement, as provided in subdivision four of 13 this section, or any measures necessary to determine the scope of the 14 breach and restore the reasonable integrity of the system. Reasonable 15 delay under this subdivision shall not exceed forty-five days, except as 16 provided in subdivision four of this section or unless the person or 17 business seeking additional time demonstrates to the attorney general 18 that additional time is reasonably necessary to determine the scope of 19 the breach of the security system, prevent further disclosures, conduct 20 the risk assessment, and restore the reasonable integrity of the securi- 21 ty system. If the attorney general determines that additional delay is 22 necessary the agency may extend the time period for notification for 23 additional periods of up to forty-five days each. Any such extension 24 shall be provided in writing. 25 § 2. This act shall take effect immediately. EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD06866-01-7