Assembly Bill A7897

2019-2020 Legislative Session

Requires certain businesses to offer identity theft prevention and mitigation services in the case of a security breach

download bill text pdf

Sponsored By

Archive: Last Bill Status - In Assembly Committee

  • Introduced
    • In Committee Assembly
    • In Committee Senate
    • On Floor Calendar Assembly
    • On Floor Calendar Senate
    • Passed Assembly
    • Passed Senate
  • Delivered to Governor
  • Signed By Governor

Do you support this bill?

Please enter your contact information

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.
Actions

2019-A7897 (ACTIVE) - Details

See Senate Version of this Bill:
S5721
Current Committee:
Assembly Consumer Affairs And Protection
Law Section:
General Business Law
Laws Affected:
Amd §899-aa, Gen Bus L
Versions Introduced in Other Legislative Sessions:
2021-2022: A3088, S3161
2023-2024: A1725, S700

2019-A7897 (ACTIVE) - Summary

Requires certain businesses to offer identity theft prevention and mitigation services in the case of a security breach; exempts businesses under financial hardship.

2019-A7897 (ACTIVE) - Bill Text download pdf 

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   7897
 
                        2019-2020 Regular Sessions
 
                           I N  A S S E M B L Y
 
                               May 28, 2019
                                ___________
 
 Introduced by M. of A. DINOWITZ -- read once and referred to the Commit-
   tee on Consumer Affairs and Protection
 
 AN  ACT  to  amend  the  general  business law, in relation to requiring
   certain businesses to offer identity theft prevention  and  mitigation
   services in the case of a security breach

   THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section 1. Section 899-aa of the general business law  is  amended  by
 adding a new subdivision 10 to read as follows:
   10. (A) WHERE A SECURITY BREACH FROM A PERSON OR BUSINESS OTHER THAN A
 CONSUMER  CREDIT REPORTING AGENCY INCLUDES A SOCIAL SECURITY NUMBER, AND
 THAT PERSON OR BUSINESS IS REQUIRED TO PROVIDE NOTICE UNDER  SUBDIVISION
 TWO  OF  THIS SECTION, THAT PERSON OR BUSINESS SHALL OFFER EACH RESIDENT
 OF THIS STATE WHOSE SOCIAL SECURITY NUMBER WAS DISCLOSED IN  THE  BREACH
 OF  SECURITY  OR  IS  REASONABLY  BELIEVED TO HAVE BEEN DISCLOSED IN THE
 BREACH OF SECURITY, REASONABLE CREDIT REPORT MONITORING, IDENTITY  THEFT
 PREVENTION  SERVICES  AND,  IF  APPLICABLE,  IDENTITY  THEFT  MITIGATION
 SERVICES AT NO COST TO SAID RESIDENT FOR A PERIOD OF NOT LESS THAN TWEN-
 TY-FOUR MONTHS. THE DISCLOSURE  REQUIRED  BY  SUBDIVISION  TWO  OF  THIS
 SECTION  SHALL  INCLUDE  INFORMATION  FOR ANY RESIDENT OF NEW YORK STATE
 WHOSE SOCIAL SECURITY NUMBER WAS DISCLOSED AS A RESULT OF A DATA  BREACH
 TO  OBTAIN  FREE,  REASONABLE  CREDIT  REPORT MONITORING, IDENTITY THEFT
 PREVENTION  SERVICES  AND,  IF  APPLICABLE,  IDENTITY  THEFT  MITIGATION
 SERVICES AS DESCRIBED IN THIS SECTION.
   (B)  THE  REQUIREMENT  TO PROVIDE TWENTY-FOUR MONTHS OF IDENTITY THEFT
 MITIGATION SERVICES SHALL NOT APPLY TO ANY INDIVIDUAL  PERSON  OR  SMALL
 BUSINESS  AS  DEFINED  IN SECTION ONE HUNDRED THIRTY-ONE OF THE ECONOMIC
 DEVELOPMENT LAW THAT CAN DEMONSTRATE A FINANCIAL HARDSHIP DIRECTLY OWING
 TO SUCH COMPLIANCE. A REQUEST FOR A FINANCIAL HARDSHIP WAIVER  SHALL  BE
 MADE  TO  THE  COMMISSIONER OF THE DEPARTMENT OF FINANCIAL SERVICES ON A
 FORM PRESCRIBED BY THE DEPARTMENT OF FINANCIAL SERVICES.
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.