Assembly Actions -
Senate Actions - UPPERCASE
|Jan 06, 2016||
referred to consumer protection
|Apr 22, 2015||
referred to consumer protection
Senate Bill S4887
2015-2016 Legislative Session
Archive: Last Bill Status - In Senate Committee Consumer Protection Committee
- In Committee Assembly
- On Floor Calendar Assembly
- Passed Assembly
- Delivered to Governor
- Signed By Governor
2015-S4887 (ACTIVE) - Details
2015-S4887 (ACTIVE) - Sponsor Memo
BILL NUMBER:S4887 TITLE OF BILL: An act to amend the general business law and the state technology law, in relation to the data security act PURPOSE: New York's data security law is outdated and out of touch. The current legal framework is weak and reactive. The purpose of this bill is to expand protection of consumer's "private information," and reward businesses who adopt model data security procedures. First, this bill expands protection by broadening the definition of private information. Second, this bill strengthens protection by requiring companies to adopt reasonable data security standards. Finally, this bill rewards businesses who adopt heightened data security standards by creating a series of presumptions and safe harbors. SUMMARY OF PROVISIONS: Section 1 Provides that the act shall be known and may be cited as the data security act. Section 2. Amends the definition of "private information" in the General Business Law § 899-aa to include biometric information (i.e., data generated by automatic measurements of an individual's physical characteristics, which are used by the owner or licensee to authenticate the individual's identity), online credentials (i.e., a user name or email address in combination with a password or security
2015-S4887 (ACTIVE) - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 4887 2015-2016 Regular Sessions I N S E N A T E April 22, 2015 ___________ Introduced by Sen. VENDITTO -- (at request of the Attorney General) -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law and the state technology law, in relation to the data security act THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. This act shall be known and may be cited as the "data secu- rity act". S 2. The opening paragraph and paragraph (b) of subdivision 1 of section 899-aa of the general business law, as added by chapter 442 of the laws of 2005, are amended to read as follows: As used in this section, AND SECTION EIGHT HUNDRED NINETY-NINE-BB OF THIS ARTICLE, the following terms shall have the following meanings: (b) "Private information" shall mean EITHER: (I) personal information consisting of any information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted, or encrypted with an encryption key that has also been acquired: (1) social security number; (2) driver's license number or non-driver identification card number; [or] (3) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account; OR (4) BIOMETRIC INFORMATION, MEANING DATA GENERATED BY AUTOMATIC MEAS- UREMENTS OF AN INDIVIDUAL'S PHYSICAL CHARACTERISTICS, WHICH ARE USED BY THE OWNER OR LICENSEE TO AUTHENTICATE THE INDIVIDUAL'S IDENTITY; (II) A USER NAME OR EMAIL ADDRESS IN COMBINATION WITH A PASSWORD OR SECURITY QUESTION AND ANSWER THAT WOULD PERMIT ACCESS TO AN ONLINE ACCOUNT; OR (III) ANY UNSECURED PROTECTED HEALTH INFORMATION AS DEFINED IN THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (45 C.F.R. PTS. 160, 162, 164), AS AMENDED FROM TIME TO TIME.
Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.
Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.
Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.