senate Bill S2540

2019-2020 Legislative Session

Relates to notification of a data breach

download bill text pdf

Sponsored By

Current Bill Status - In Senate Committee Rules Committee


  • Introduced
  • In Committee
  • On Floor Calendar
    • Passed Senate
    • Passed Assembly
  • Delivered to Governor
  • Signed/Vetoed by Governor

Your Voice

do you support this bill?

Please enter your contact information

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

view actions (5)
Assembly Actions - Lowercase
Senate Actions - UPPERCASE
Jun 20, 2019 committed to rules
May 08, 2019 advanced to third reading
May 07, 2019 2nd report cal.
May 06, 2019 1st report cal.556
Jan 28, 2019 referred to internet and technology

Votes

view votes

May 6, 2019 - Internet and Technology committee Vote

S2540
7
0
committee
7
Aye
0
Nay
0
Aye with Reservations
0
Absent
0
Excused
0
Abstained
show Internet and Technology committee vote details

Internet and Technology Committee Vote: May 6, 2019

Co-Sponsors

view additional co-sponsors

S2540 (ACTIVE) - Details

Current Committee:
Senate Rules
Law Section:
General Business Law
Laws Affected:
Amd §899-aa, Gen Bus L
Versions Introduced in 2017-2018 Legislative Session:
S6880

S2540 (ACTIVE) - Summary

Provides that a business must provide notification of a data breach within 15 days of such breach; includes the department of financial services to the list of entities that must be notified of a data breach that affects any New York resident.

S2540 (ACTIVE) - Sponsor Memo

S2540 (ACTIVE) - Bill Text download pdf


                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                  2540

                       2019-2020 Regular Sessions

                            I N  S E N A T E

                            January 28, 2019
                               ___________

Introduced  by  Sens.  COMRIE, ADDABBO, BAILEY, BROOKS, FELDER, KENNEDY,
  KRUEGER -- read twice and ordered printed,  and  when  printed  to  be
  committed to the Committee on Internet and Technology

AN ACT to amend the general business law, in relation to notification of
  a data breach

  THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. Subdivisions 2 and 3 of section 899-aa of the general busi-
ness law, as added by chapter 442 of the laws of 2005,  are  amended  to
read as follows:
  2.  Any  person or business which conducts business in New York state,
and which owns or licenses  computerized  data  which  includes  private
information  shall  disclose  any  breach  of the security of the system
following discovery or notification of the breach in the security of the
system to any resident of New York state whose private information  was,
or  is  reasonably  believed  to have been, acquired by a person without
valid authorization. The disclosure shall be made in the most  expedient
time  possible  and  without  unreasonable  delay, [consistent with] AND
SHALL BE MADE WITHIN FIFTEEN DAYS AFTER THE BREACH HAS BEEN  DISCOVERED,
EXCEPT  FOR  the  legitimate  needs  of  law enforcement, as provided in
subdivision four of this section[, or any measures necessary  to  deter-
mine the scope of the breach and restore the reasonable integrity of the
system].
  3.  Any  person  or  business  which maintains computerized data which
includes private information which such person or business does not  own
shall  notify  the owner or licensee of the information of any breach of
the security of the system immediately AND WITHIN FIFTEEN DAYS following
discovery, if the private information was, or is reasonably believed  to
have been, acquired by a person without valid authorization.

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD08659-01-9

Comments

Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.

By contributing or voting you agree to the Terms of Participation and verify you are over 13.