|Assembly Actions - Lowercase
Senate Actions - UPPERCASE
|Jan 03, 2018||referred to consumer protection|
|Sep 20, 2017||referred to rules|
senate Bill S6880
Archive: Last Bill Status - In Senate Committee Consumer Protection Committee
- In Committee
- On Floor Calendar
- Passed Senate
- Passed Assembly
- Delivered to Governor
- Signed/Vetoed by Governor
S6880 (ACTIVE) - Details
S6880 (ACTIVE) - Sponsor Memo
BILL NUMBER: S6880 SPONSOR: COMRIE TITLE OF BILL: An act to amend the general business law, in relation to notification of a data breach SUMMARY OF PROVISIONS: This bill amends existing subdivisions 2 and 3 of section 899-aa of the general business law to provide that consumer reporting agencies that experience a data breach must disclose such breach within 15 days. JUSTIFICATION: On September 7th, 2017, one of three major consumer credit reporting agencies in the United States-Equifax-reported that hackers gained access to company data that potentially compromised sensitive informa- tion for 143 million American consumers - nearly 44% of the U.S. popu- lation. The breach included: social security numbers, driver's license
S6880 (ACTIVE) - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 6880 2017-2018 Regular Sessions I N S E N A T E September 20, 2017 ___________ Introduced by Sen. COMRIE -- read twice and ordered printed, and when printed to be committed to the Committee on Rules AN ACT to amend the general business law, in relation to notification of a data breach THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. Subdivisions 2 and 3 of section 899-aa of the general busi- ness law, as added by chapter 442 of the laws of 2005, are amended to read as follows: 2. Any person or business which conducts business in New York state, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization. The disclosure shall be made in the most expedient time possible and without unreasonable delay, [consistent with] AND SHALL BE MADE WITHIN FIFTEEN DAYS AFTER THE BREACH HAS BEEN DISCOVERED, EXCEPT FOR the legitimate needs of law enforcement, as provided in subdivision four of this section[, or any measures necessary to deter- mine the scope of the breach and restore the reasonable integrity of the system]. 3. Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system immediately AND WITHIN FIFTEEN DAYS following discovery, if the private information was, or is reasonably believed to have been, acquired by a person without valid authorization. § 2. Paragraph (a) of subdivision 8 of section 899-aa of the general business law, as amended by section 6 of part N of chapter 55 of the laws of 2013, is amended to read as follows: EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted.
Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.
By contributing or voting you agree to the Terms of Participation and verify you are over 13.