senate Bill S6880

2017-2018 Legislative Session

Relates to notification of a data breach

download bill text pdf

Sponsored By

Archive: Last Bill Status - In Senate Committee Consumer Protection Committee


  • Introduced
  • In Committee
  • On Floor Calendar
    • Passed Senate
    • Passed Assembly
  • Delivered to Governor
  • Signed/Vetoed by Governor

Your Voice

do you support this bill?

Please enter your contact information

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

view actions (2)
Assembly Actions - Lowercase
Senate Actions - UPPERCASE
Jan 03, 2018 referred to consumer protection
Sep 20, 2017 referred to rules

Co-Sponsors

view additional co-sponsors

S6880 (ACTIVE) - Details

Current Committee:
Senate Consumer Protection
Law Section:
General Business Law
Laws Affected:
Amd §899-aa, Gen Bus L
Versions Introduced in Other Legislative Sessions:
2019-2020: S2540
2021-2022: S5808

S6880 (ACTIVE) - Summary

Provides that a business must provide notification of a data breach within 15 days of such breach; includes the department of financial services to the list of entities that must be notified of a data breach that affects any New York resident.

S6880 (ACTIVE) - Sponsor Memo

S6880 (ACTIVE) - Bill Text download pdf


                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                  6880

                       2017-2018 Regular Sessions

                            I N  S E N A T E

                           September 20, 2017
                               ___________

Introduced  by  Sen.  COMRIE -- read twice and ordered printed, and when
  printed to be committed to the Committee on Rules

AN ACT to amend the general business law, in relation to notification of
  a data breach

  THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. Subdivisions 2 and 3 of section 899-aa of the general busi-
ness  law,  as  added by chapter 442 of the laws of 2005, are amended to
read as follows:
  2. Any person or business which conducts business in New  York  state,
and  which  owns  or  licenses  computerized data which includes private
information shall disclose any breach of  the  security  of  the  system
following discovery or notification of the breach in the security of the
system  to any resident of New York state whose private information was,
or is reasonably believed to have been, acquired  by  a  person  without
valid  authorization. The disclosure shall be made in the most expedient
time possible and without  unreasonable  delay,  [consistent  with]  AND
SHALL  BE MADE WITHIN FIFTEEN DAYS AFTER THE BREACH HAS BEEN DISCOVERED,
EXCEPT FOR the legitimate needs  of  law  enforcement,  as  provided  in
subdivision  four  of this section[, or any measures necessary to deter-
mine the scope of the breach and restore the reasonable integrity of the
system].
  3. Any person or business  which  maintains  computerized  data  which
includes  private information which such person or business does not own
shall notify the owner or licensee of the information of any  breach  of
the security of the system immediately AND WITHIN FIFTEEN DAYS following
discovery,  if the private information was, or is reasonably believed to
have been, acquired by a person without valid authorization.
  § 2. Paragraph (a) of subdivision 8 of section 899-aa of  the  general
business  law,  as  amended  by section 6 of part N of chapter 55 of the
laws of 2013, is amended to read as follows:

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.

Comments

Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.

By contributing or voting you agree to the Terms of Participation and verify you are over 13.