Bill Text: NY S02087 | 2021-2022 | General Assembly | Introduced
Bill Title: Relates to a business tax credit for purchase of data breach insurance.
Spectrum: Bipartisan Bill
Status: (Introduced - Dead) 2022-01-05 - REFERRED TO BUDGET AND REVENUE [S02087 Detail]
Download: New_York-2021-S02087-Introduced.html
STATE OF NEW YORK ________________________________________________________________________ 2087 2021-2022 Regular Sessions IN SENATE January 19, 2021 ___________ Introduced by Sens. JORDAN, GOUNARDES -- read twice and ordered printed, and when printed to be committed to the Committee on Budget and Reven- ue AN ACT to amend the tax law, in relation to a business tax credit for purchase of data breach insurance; and providing for the repeal of such provisions upon expiration thereof The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. Section 210-B of the tax law is amended by adding a new 2 subdivision 55 to read as follows: 3 55. Data breach insurance credit. (a) A taxpayer that is a business or 4 owner of a business shall be allowed a credit against the tax imposed by 5 this article equal to twenty-five percent of the premium paid during the 6 taxable year for qualified data breach insurance. For purposes of this 7 section, the term "qualified data breach insurance" means coverage 8 provided by an insurance company for expenses or losses in connection 9 with the theft, loss, disclosure, inaccessibility, or manipulation, of 10 data. 11 (b) In order to qualify for such credit, taxpayers shall adopt and be 12 in compliance with one of the following: 13 (1) Version 1.0 of the framework for improving critical infrastructure 14 cybersecurity published by the national institute of standards and tech- 15 nology as in effect on February twelfth, two thousand fourteen or subse- 16 quent versions or iterations; or 17 (2) Any similar standard specified by the state comptroller, after 18 consultation with the director of the office of information technology 19 services. 20 (c) In the case of insurance coverage under which amounts are payable 21 for other than expenses or losses described in paragraph (a) of this 22 subdivision: EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD01410-01-1S. 2087 2 1 (1) No amount shall be treated as premiums for qualified data breach 2 insurance unless the charge for such insurance is either separately 3 stated in the contract, or furnished to the policyholder by the insur- 4 ance company in a separate statement; 5 (2) The amount taken into account as the premium paid or incurred for 6 such insurance shall not exceed such charge; and 7 (3) No amount shall be treated as paid or incurred for such insurance 8 if the amount specified in the contract, or furnished to the policy- 9 holder by the insurance company in a separate statement, as the charge 10 for such insurance is unreasonably large in relation to the total charg- 11 es under the contract. 12 (d) Premiums shall be taken into account under paragraph (a) of this 13 subdivision only if such premiums are paid or incurred in the ordinary 14 course of the taxpayer's trade or business. 15 (e) This subdivision shall not apply to a business which employs one 16 hundred and one or more employees. 17 § 2. Section 606 of the tax law is amended by adding a new subsection 18 (kkk) to read as follows: 19 (kkk) Data breach insurance credit. (1) A taxpayer that is a business 20 or owner of a business shall be allowed a credit against the tax imposed 21 by this article equal to twenty-five percent of the premium paid during 22 the taxable year for qualified data breach insurance. For purposes of 23 this section, the term "qualified data breach insurance" means coverage 24 provided by an insurance company for expenses or losses in connection 25 with the theft, loss, disclosure, inaccessibility, or manipulation, of 26 data. 27 (2) In order to qualify for such credit, taxpayers shall adopt and be 28 in compliance with one of the following: 29 (A) Version 1.0 of the framework for improving critical infrastructure 30 cybersecurity published by the national institute of standards and tech- 31 nology as in effect on February twelfth, two thousand fourteen or subse- 32 quent versions or iterations; or 33 (B) Any similar standard specified by the state comptroller, after 34 consultation with the director of the office of information technology 35 services. 36 (3) In the case of insurance coverage under which amounts are payable 37 for other than expenses or losses described in paragraph one of this 38 subsection: 39 (A) No amount shall be treated as premiums for qualified data breach 40 insurance unless the charge for such insurance is either separately 41 stated in the contract, or furnished to the policyholder by the insur- 42 ance company in a separate statement; 43 (B) The amount taken into account as the premium paid or incurred for 44 such insurance shall not exceed such charge; and 45 (C) No amount shall be treated as paid or incurred for such insurance 46 if the amount specified in the contract, or furnished to the policy- 47 holder by the insurance company in a separate statement, as the charge 48 for such insurance is unreasonably large in relation to the total charg- 49 es under the contract. 50 (4) Premiums shall be taken into account under paragraph one of this 51 subsection only if such premiums are paid or incurred in the ordinary 52 course of the taxpayer's trade or business. 53 (5) This subsection shall not apply to a business which employs one 54 hundred and one or more employees.S. 2087 3 1 § 3. Subparagraph (B) of paragraph 1 of subsection (i) of section 606 2 of the tax law is amended by adding a new clause (xlvi) to read as 3 follows: 4 (xlvi) Data breach insurance Amount of credit under subdivision 5 credit under subsection (kkk) fifty-five of section two hundred 6 ten-B 7 § 4. This act shall take effect immediately and shall apply to taxable 8 years beginning on and after the first of January next succeeding the 9 date on which it shall have become a law and shall remain in effect for 10 five years after it shall have become a law, when upon such date the 11 provisions of this act shall expire and be deemed repealed.