|Assembly Actions - Lowercase
Senate Actions - UPPERCASE
|Jan 09, 2019||referred to consumer protection|
senate Bill S133
Current Bill Status - In Senate Committee Consumer Protection Committee
- In Committee
- On Floor Calendar
- Passed Senate
- Passed Assembly
- Delivered to Governor
- Signed/Vetoed by Governor
S133 (ACTIVE) - Details
S133 (ACTIVE) - Sponsor Memo
BILL NUMBER: S133 SPONSOR: CARLUCCI TITLE OF BILL: An act to amend the general business law and the state technology law, in relation to notification of a security breach PURPOSE: New York's data breach notification law needs to be updated keep pace with current technology. This bill broadens the scope of information covered under the notification law and updates the notification require- ments when there has been a breach of data. It also broadens the defi- nition of a data breach to include an unauthorized person gaining access to information. It also requires reasonable data security, provides standards tailored to the size of a business, and provides protections from liability for certain entities. SUMMARY OF SPECIFIC PROVISIONS:
S133 (ACTIVE) - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 133 2019-2020 Regular Sessions I N S E N A T E (PREFILED) January 9, 2019 ___________ Introduced by Sen. CARLUCCI -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law and the state technology law, in relation to notification of a security breach THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. This act shall be known and may be cited as the "Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)". § 2. The article heading of article 39-F of the general business law, as added by chapter 442 of the laws of 2005, is amended to read as follows: NOTIFICATION OF UNAUTHORIZED ACQUISITION OF PRIVATE INFORMATION; DATA SECURITY PROTECTIONS § 3. Subdivisions 1, 2, 3, 5, 6, 7 and 8 of section 899-aa of the general business law, subdivisions 1, 2, 3, 5, 6 and 7 as added by chap- ter 442 of the laws of 2005, paragraph (c) of subdivision 1, paragraph (a) of subdivision 6 and subdivision 8 as amended by chapter 491 of the laws of 2005 and paragraph (a) of subdivision 8 as amended by section 6 of part N of chapter 55 of the laws of 2013, are amended to read as follows: 1. As used in this section, the following terms shall have the follow- ing meanings: (a) "Personal information" shall mean any information concerning a natural person which, because of name, number, personal mark, or other identifier, can be used to identify such natural person; (b) "Private information" shall mean EITHER: (I) personal information consisting of any information in combination with any one or more of the following data elements, when either the DATA ELEMENT OR THE COMBINATION OF personal information [or] PLUS the data element is not encrypted, or EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted.
Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.
By contributing or voting you agree to the Terms of Participation and verify you are over 13.