NY State Senate Bill 2019-S3582

Senate Bill S3582

Signed By Governor

2019-2020 Legislative Session

Relates to requiring a consumer credit reporting agency to offer identity theft prevention and mitigation services in the case of a breach of the security of such agency's system

download bill text pdf

Archive: Last Bill Status Via A2374 - Signed by Governor

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Delivered to Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Jul 25, 2019	signed chap.115
Jul 22, 2019	delivered to governor
Jun 19, 2019	returned to assembly passed senate 3rd reading cal.870 substituted for s3582
Jun 19, 2019	substituted by a2374
May 29, 2019	advanced to third reading
May 22, 2019	2nd report cal.
May 21, 2019	1st report cal.870
Feb 11, 2019	referred to consumer protection

Votes

- Jun 19, 2019 - Floor Vote
  A2374
  
  62
  
  Aye
  
  0
  
  Nay
  
  0
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  - - Floor Vote: Jun 19, 2019
      
      aye (62)
      
      Addabbo Jr.
      
      Akshar
      
      Amedore
      
      Antonacci
      
      Bailey
      
      Benjamin
      
      Biaggi
      
      Boyle
      
      Breslin
      
      Brooks
      
      Carlucci
      
      Comrie
      
      Felder
      
      Flanagan
      
      Funke
      
      Gallivan
      
      Gaughran
      
      Gianaris
      
      Gounardes
      
      Griffo
      
      Harckham
      
      Helming
      
      Hoylman-Sigal
      
      Jackson
      
      Jacobs
      
      Jordan
      
      Kaminsky
      
      Kaplan
      
      Kavanagh
      
      Kennedy
      
      Krueger
      
      LaValle
      
      Lanza
      
      Little
      
      Liu
      
      Martinez
      
      May
      
      Mayer
      
      Metzger
      
      Montgomery
      
      Myrie
      
      O'Mara
      
      Ortt
      
      Parker
      
      Persaud
      
      Ramos
      
      Ranzenhofer
      
      Ritchie
      
      Rivera
      
      Robach
      
      Salazar
      
      Sanders Jr.
      
      Savino
      
      Sepúlveda
      
      Serino
      
      Serrano
      
      Seward
      
      Skoufis
      
      Stavisky
      
      Stewart-Cousins
      
      Tedisco
      
      Thomas
  May 21, 2019 - Consumer Protection Committee Vote
  S3582
  
  7
  
  Aye
  
  0
  
  Nay
  
  0
  
  Aye with Reservations
  
  0
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  - - Consumer Protection Committee Vote: May 21, 2019
      
      aye (7)
      
      Comrie
      
      Jacobs
      
      Kavanagh
      
      Myrie
      
      Ramos
      
      Tedisco
      
      Thomas

co-Sponsors

2019-S3582 (ACTIVE) - Details

See Assembly Version of this Bill:: A2374
Law Section:: General Business Law
Laws Affected:: Amd §380-t, Gen Bus L
Versions Introduced in 2017-2018 Legislative Session:: S6923, A8695

2019-S3582 (ACTIVE) - Summary

Relates to requiring a consumer credit reporting agency to offer identity theft prevention and mitigation services in the case of a breach of the security of such agency's system.

2019-S3582 (ACTIVE) - Sponsor Memo

                                
 
BILL NUMBER: S3582

SPONSOR: COMRIE
 
TITLE OF BILL:

An act to amend the general business law, in relation to requiring a
consumer credit reporting agency to offer identity theft prevention and
mitigation services in the case of a breach of the security of such
agency's system

 
PURPOSE OR GENERAL IDEA OF BILL:

This bill would provide reasonable consumer protections following a
breach of consumer credit data at a credit reporting agency (CRA), when
such a breach involves social security numbers.

 
SUMMARY OF SPECIFIC PROVISIONS:

Section 1 amends subdivision n of section 380-t of the general business
law by adding a new paragraph 3 that would require that when a credit
reporting agency suffers a breach of information containing consumer

social security numbers, the CRA must provide lifetime identity theft
prevention services, and if applicable, identity theft mitigation
services to affected customers. Additionally, this new paragraph would
prohibit fees relating to the implementation and lifting of security
freezes on consumer credit reports, if those reports were part of a
breach of information containing social security numbers.

Section 2 amends subdivision q of section 380-t of the general business
law by including new language to be included in a consumers summary of
rights CRAs must provide consumers on credit freezes to inform them that
in the instance of a breach of date involving a social security number,
that a consumer has the right to freeze their credit at no cost.

Section 3 sets the effective date.

 
JUSTIFICATION:

In late July 2017, one of the three main CRAs, Equifax Inc., experienced
a major data breach involving personal information that included theft
of social security numbers. At the time it was widely reported to impact
over 140 million accounts, but the full extent of the breach is still
uncertain. CRAs have been the subject of public scrutiny in years past
for their inaccurate files kept on unknowing consumers and the cumber-
some process they subject average people to in order to rectify such
errors. The magnitude of this breach won't be known for years, but the
status quo where consumers must bear the burden to protect their own
identities is unacceptable. To date, Equifax has offered to waive fees
for security freezes for a short time period, and offered 12 months of
identity theft prevention services at no charge. This response is simply
insufficient given that innocent people's information was stolen through
no fault of their own. This legislation aims to establish the minimal
amount of long term protection consumers could ask for, and even still
it is just that, the bare minimum.

 
PRIOR LEGISLATIVE HISTORY:

2017-18- A.8695A - Passed Assembly/S.6923A - Referred to Consumer
Protection
 
FISCAL IMPLICATIONS TO THE STATE:

None to the state.

 
EFFECTIVE DATE:
This act shall take effect on the sixtieth day after it shall have
become a law and shall apply to any breach of the security of a consumer
credit reporting agency that occurred no more than three years prior to
the effective date of this act.

2019-S3582 (ACTIVE) - Bill Text download pdf

                            
 
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   3582
 
                        2019-2020 Regular Sessions
 
                             I N  S E N A T E
 
                             February 11, 2019
                                ___________
 
 Introduced  by  Sen.  COMRIE -- read twice and ordered printed, and when
   printed to be committed to the Committee on Consumer Protection
 
 AN ACT to amend the general business law, in  relation  to  requiring  a
   consumer  credit  reporting  agency to offer identity theft prevention
   and mitigation services in the case of a breach  of  the  security  of
   such agency's system
 
   THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section 1. Subdivision (n) of section 380-t of  the  general  business
 law is amended by adding a new paragraph 3 to read as follows:
   (3)(I) UPON A BREACH OF THE SECURITY OF THE SYSTEM OF A CONSUMER CRED-
 IT  REPORTING  AGENCY  WHICH  INCLUDES  ANY SOCIAL SECURITY NUMBER, SUCH
 AGENCY SHALL OFFER TO EACH CONSUMER, WHOSE INFORMATION, INCLUDING SOCIAL
 SECURITY NUMBER, WAS BREACHED OR IS REASONABLY  BELIEVED  TO  HAVE  BEEN
 BREACHED, REASONABLE IDENTITY THEFT PREVENTION SERVICES AND, IF APPLICA-
 BLE,  IDENTIFY THEFT MITIGATION SERVICES FOR A PERIOD NOT TO EXCEED FIVE
 YEARS AT NO COST TO SUCH CONSUMERS. SUCH AGENCY SHALL PROVIDE ALL INFOR-
 MATION NECESSARY FOR SUCH CONSUMERS TO ENROLL IN SUCH SERVICES AND SHALL
 INCLUDE INFORMATION ON HOW SUCH CONSUMERS CAN REQUEST A SECURITY FREEZE.
 A CONSUMER CREDIT REPORTING AGENCY SHALL NOT BE REQUIRED TO  OFFER  SUCH
 SERVICES  IF,  AFTER AN APPROPRIATE INVESTIGATION, THE AGENCY REASONABLY
 DETERMINES THAT THE BREACH OF SECURITY IS UNLIKELY TO RESULT IN HARM  TO
 THE CONSUMERS WHOSE INFORMATION HAS BEEN BREACHED.
   (II)  "BREACH OF THE SECURITY OF THE SYSTEM" AS USED IN THIS PARAGRAPH
 SHALL HAVE THE SAME DEFINITION AS IN PARAGRAPH (C) OF SUBDIVISION ONE OF
 SECTION EIGHT HUNDRED NINETY-NINE-AA OF THIS CHAPTER.
   § 2.  This act shall take effect on the sixtieth day  after  it  shall
 have  become  a law and shall apply to any breach of the security of the
 system of a consumer credit reporting agency that occurred no more  than
 three years prior to the effective date of this act.
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD01262-01-9

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Senate Bill S3582

Share this bill

Sponsored By

Leroy Comrie