|Assembly Actions - Lowercase
Senate Actions - UPPERCASE
|Jan 06, 2016||referred to consumer protection|
|Apr 22, 2015||referred to consumer protection|
senate Bill S4887
Archive: Last Bill Status - In Senate Committee Consumer Protection Committee
- In Committee
- On Floor Calendar
- Passed Senate
- Passed Assembly
- Delivered to Governor
- Signed/Vetoed by Governor
S4887 - Details
S4887 - Sponsor Memo
BILL NUMBER:S4887 TITLE OF BILL: An act to amend the general business law and the state technology law, in relation to the data security act PURPOSE: New York's data security law is outdated and out of touch. The current legal framework is weak and reactive. The purpose of this bill is to expand protection of consumer's "private information," and reward businesses who adopt model data security procedures. First, this bill expands protection by broadening the definition of private information. Second, this bill strengthens protection by requiring companies to adopt reasonable data security standards. Finally, this bill rewards businesses who adopt heightened data security standards by creating a series of presumptions and safe harbors. SUMMARY OF PROVISIONS: Section 1 Provides that the act shall be known and may be cited as the data security act. Section 2. Amends the definition of "private information" in the General Business Law § 899-aa to include biometric information (i.e., data generated by automatic measurements of an individual's physical characteristics, which are used by the owner or licensee to authenticate the individual's identity), online credentials (i.e., a user name or email address in combination with a password or security
S4887 - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 4887 2015-2016 Regular Sessions I N S E N A T E April 22, 2015 ___________ Introduced by Sen. VENDITTO -- (at request of the Attorney General) -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law and the state technology law, in relation to the data security act THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. This act shall be known and may be cited as the "data secu- rity act". S 2. The opening paragraph and paragraph (b) of subdivision 1 of section 899-aa of the general business law, as added by chapter 442 of the laws of 2005, are amended to read as follows: As used in this section, AND SECTION EIGHT HUNDRED NINETY-NINE-BB OF THIS ARTICLE, the following terms shall have the following meanings: (b) "Private information" shall mean EITHER: (I) personal information consisting of any information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted, or encrypted with an encryption key that has also been acquired: (1) social security number; (2) driver's license number or non-driver identification card number; [or] (3) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account; OR (4) BIOMETRIC INFORMATION, MEANING DATA GENERATED BY AUTOMATIC MEAS- UREMENTS OF AN INDIVIDUAL'S PHYSICAL CHARACTERISTICS, WHICH ARE USED BY THE OWNER OR LICENSEE TO AUTHENTICATE THE INDIVIDUAL'S IDENTITY; (II) A USER NAME OR EMAIL ADDRESS IN COMBINATION WITH A PASSWORD OR SECURITY QUESTION AND ANSWER THAT WOULD PERMIT ACCESS TO AN ONLINE ACCOUNT; OR (III) ANY UNSECURED PROTECTED HEALTH INFORMATION AS DEFINED IN THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (45 C.F.R. PTS. 160, 162, 164), AS AMENDED FROM TIME TO TIME.
Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.
By contributing or voting you agree to the Terms of Participation and verify you are over 13.