senate Bill S7940B

Vetoed By Governor
2017-2018 Legislative Session

Relates to clarifying that continuing care retirement communities are not subject to certain cybersecurity regulations

download bill text pdf

Sponsored By

Archive: Last Bill Status Via A10486 - Vetoed by Governor


  • Introduced
  • In Committee
  • On Floor Calendar
    • Passed Senate
    • Passed Assembly
  • Delivered to Governor
  • Vetoed by Governor

Your Voice

do you support this bill?

Please enter your contact information

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

view actions (15)
Assembly Actions - Lowercase
Senate Actions - UPPERCASE
Dec 07, 2018 tabled
vetoed memo.293
Nov 26, 2018 delivered to governor
Jun 18, 2018 returned to assembly
passed senate
3rd reading cal.1387
substituted for s7940b
Jun 18, 2018 substituted by a10486b
Jun 14, 2018 amended on third reading 7940b
Jun 04, 2018 advanced to third reading
May 31, 2018 2nd report cal.
May 30, 2018 1st report cal.1387
May 01, 2018 print number 7940a
May 01, 2018 amend and recommit to insurance
Mar 12, 2018 referred to insurance

Co-Sponsors

S7940 - Details

See Assembly Version of this Bill:
A10486
Law Section:
Insurance Law
Laws Affected:
Amd §1119, Ins L
Versions Introduced in 2019-2020 Legislative Session:
A1185

S7940 - Summary

Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.

S7940 - Sponsor Memo

S7940 - Bill Text download pdf


                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                  7940

                            I N  S E N A T E

                             March 12, 2018
                               ___________

Introduced  by  Sens.  SEWARD, AKSHAR -- read twice and ordered printed,
  and when printed to be committed to the Committee on Insurance

AN ACT to amend the  insurance  law,  in  relation  to  clarifying  that
  continuing  care  retirement communities are not subject to department
  of financial services cybersecurity regulations

  THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section  1.  Section  1119 of the insurance law is amended by adding a
new subsection (d) to read as follows:
  (D) EXCEPT AS EXPRESSLY REQUIRED  BY  THIS  SECTION,  AN  ORGANIZATION
AUTHORIZED  TO  OPERATE UNDER ARTICLE FORTY-SIX OF THE PUBLIC HEALTH LAW
SHALL NOT BE SUBJECT TO  THE  JURISDICTION  OF  THE  SUPERINTENDENT  AND
REQUIRED  TO  COMPLY WITH RULES AND REGULATIONS OF THE SUPERINTENDENT ON
MATTERS UNRELATED TO THE PROVISIONS OF THIS SECTION, INCLUDING, BUT  NOT
LIMITED  TO,  REGULATIONS  RELATING  TO  CYBERSECURITY  REQUIREMENTS FOR
FINANCIAL SERVICES COMPANIES.
  § 2. This act shall take effect immediately.






 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD15067-01-8

Co-Sponsors

S7940A - Details

See Assembly Version of this Bill:
A10486
Law Section:
Insurance Law
Laws Affected:
Amd §1119, Ins L
Versions Introduced in 2019-2020 Legislative Session:
A1185

S7940A - Summary

Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.

S7940A - Sponsor Memo

S7940A - Bill Text download pdf


                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                 7940--A

                            I N  S E N A T E

                             March 12, 2018
                               ___________

Introduced  by  Sens.  SEWARD, AKSHAR -- read twice and ordered printed,
  and when printed to be committed to  the  Committee  on  Insurance  --
  committee  discharged,  bill amended, ordered reprinted as amended and
  recommitted to said committee

AN ACT to amend the  insurance  law,  in  relation  to  clarifying  that
  continuing  care  retirement communities are not subject to department
  of financial services cybersecurity regulations

  THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section  1.  Section  1119 of the insurance law is amended by adding a
new subsection (d) to read as follows:
  (D) EXCEPT AS EXPRESSLY REQUIRED  BY  THIS  SECTION,  AN  ORGANIZATION
AUTHORIZED  TO  OPERATE UNDER ARTICLE FORTY-SIX OF THE PUBLIC HEALTH LAW
SHALL NOT BE SUBJECT TO  THE  JURISDICTION  OF  THE  SUPERINTENDENT  AND
REQUIRED  TO  COMPLY WITH RULES AND REGULATIONS OF THE SUPERINTENDENT ON
MATTERS UNRELATED TO THE PROVISIONS OF THIS SECTION, INCLUDING, BUT  NOT
LIMITED  TO,  REGULATIONS  RELATING  TO  CYBERSECURITY  REQUIREMENTS FOR
FINANCIAL SERVICES COMPANIES.    SUCH  ORGANIZATIONS  SHALL  INSTEAD  BE
SUBJECT  TO THE JURISDICTION OF THE DEPARTMENT OF HEALTH ON SUCH MATTERS
UNRELATED TO THE PROVISIONS OF THIS  SECTION,  INCLUDING  ANY  PERTINENT
REGULATIONS OR OVERSIGHT REGARDING CYBERSECURITY REQUIREMENTS.
  § 2. This act shall take effect immediately.





 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD15067-02-8

Co-Sponsors

S7940B (ACTIVE) - Details

See Assembly Version of this Bill:
A10486
Law Section:
Insurance Law
Laws Affected:
Amd §1119, Ins L
Versions Introduced in 2019-2020 Legislative Session:
A1185

S7940B (ACTIVE) - Summary

Authorizes continuing care retirement communities to adopt a written cybersecurity policy and requires such policies to be self-certified and approved by the superintendent.

S7940B (ACTIVE) - Sponsor Memo

S7940B (ACTIVE) - Bill Text download pdf


                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                 7940--B
    Cal. No. 1387

                            I N  S E N A T E

                             March 12, 2018
                               ___________

Introduced  by  Sens.  SEWARD, AKSHAR -- read twice and ordered printed,
  and when printed to be committed to  the  Committee  on  Insurance  --
  committee  discharged,  bill amended, ordered reprinted as amended and
  recommitted to said committee -- reported favorably from said  commit-
  tee,  ordered  to first and second report, ordered to a third reading,
  amended and ordered reprinted, retaining its place  in  the  order  of
  third reading

AN  ACT  to  amend  the  insurance  law,  in relation to clarifying that
  continuing care retirement communities are not subject  to  department
  of financial services cybersecurity regulations

  THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. Section 1119 of the insurance law is amended  by  adding  a
new subsection (d) to read as follows:
  (D) SUCH ORGANIZATION MAY ADOPT A WRITTEN CYBERSECURITY POLICY THAT IS
DESIGNED  TO  PROTECT  THE  CONFIDENTIALITY,  INTEGRITY  AND SECURITY OF
NONPUBLIC INFORMATION AND IS IN COMPLIANCE WITH: (I) THE HEALTH INFORMA-
TION TECHNOLOGY FOR ECONOMIC AND CLINICAL  HEALTH  ACT  ("HITECH"),  THE
HEALTH  INSURANCE  PORTABILITY  AND  ACCOUNTABILITY  ACT  ("HIPAA"), THE
GRAMM-LEACH-BLILEY ACT; AND (II) ALL OTHER APPLICABLE CYBERSECURITY  AND
PRIVACY  PROTECTIONS  GOVERNING NURSING HOMES, ADULT CARE FACILITIES AND
ASSISTED LIVING RESIDENCES TO THE EXTENT THE  PROTECTIONS  GOVERN  THOSE
COMPONENTS  OF  SUCH ORGANIZATION'S OPERATIONS. THE CYBERSECURITY POLICY
SHALL BE SELF-CERTIFIED BY SUCH  ORGANIZATION  AND  SUCH  SELF-CERTIFIED
CYBERSECURITY  POLICY SHALL BE FILED WITH THE SUPERINTENDENT.  THE SELF-
CERTIFICATION  SHALL  ATTEST  THAT  THE   POLICY   PROVIDES   SUFFICIENT
PROTECTIONS OF NONPUBLIC INFORMATION IN A MANNER WHICH IS NOT INCONSIST-
ENT  WITH  THE  GOALS OF THE CYBERSECURITY POLICIES ADOPTED BY FINANCIAL
SERVICES COMPANIES PURSUANT TO REGULATIONS  PROMULGATED  BY  THE  SUPER-
INTENDENT.  SUCH  SELF-CERTIFICATION SHALL BE DEEMED COMPLIANT WITH SUCH
REGULATIONS APPLICABLE TO FINANCIAL SERVICES COMPANIES. THE  SUPERINTEN-
DENT  SHALL  REVIEW  THE ACCURACY AND REASONABLENESS OF THE ATTESTATION.
UNLESS THE SUPERINTENDENT OBJECTS TO THE ATTESTATION WITHIN  SIXTY  DAYS
FROM  THE  DATE  IT  IS  SUBMITTED,  SUCH  ATTESTATION  SHALL  BE DEEMED
APPROVED.

Comments

Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.

By contributing or voting you agree to the Terms of Participation and verify you are over 13.