NY State Senate Bill 2021-S7786

Senate Bill S7786

Signed By Governor

2021-2022 Legislative Session

Relates to the notification of certain state agencies of a breach of the security system or a breach of the security network

download bill text pdf

Archive: Last Bill Status - Signed by Governor

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Delivered to Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Feb 24, 2022	signed chap.107 delivered to governor
Jan 31, 2022	returned to senate passed assembly ordered to third reading cal.343 substituted for a8793
Jan 24, 2022	referred to governmental operations delivered to assembly passed senate
Jan 18, 2022	ordered to third reading cal.155
Jan 11, 2022	referred to rules

Votes

- Jan 24, 2022 - Floor Vote
  S7786
  
  62
  
  Aye
  
  0
  
  Nay
  
  0
  
  Absent
  
  1
  
  Excused
  
  0
  
  Abstained
  - - Floor Vote: Jan 24, 2022
      
      aye (62)
      
      Addabbo Jr.
      
      Akshar
      
      Bailey
      
      Biaggi
      
      Borrello
      
      Boyle
      
      Breslin
      
      Brisport
      
      Brouk
      
      Cleare
      
      Comrie
      
      Cooney
      
      Felder
      
      Gallivan
      
      Gaughran
      
      Gianaris
      
      Gounardes
      
      Griffo
      
      Harckham
      
      Helming
      
      Hinchey
      
      Hoylman-Sigal
      
      Jackson
      
      Jordan
      
      Kaminsky
      
      Kaplan
      
      Kavanagh
      
      Kennedy
      
      Krueger
      
      Lanza
      
      Liu
      
      Mannion
      
      Martucci
      
      Mattera
      
      May
      
      Mayer
      
      Myrie
      
      O'Mara
      
      Oberacker
      
      Ortt
      
      Palumbo
      
      Parker
      
      Persaud
      
      Ramos
      
      Rath III
      
      Reichlin-Melnick
      
      Ritchie
      
      Rivera
      
      Ryan
      
      Salazar
      
      Sanders Jr.
      
      Savino
      
      Sepúlveda
      
      Serino
      
      Serrano
      
      Skoufis
      
      Stavisky
      
      Stec
      
      Stewart-Cousins
      
      Tedisco
      
      Thomas
      
      Weik
      
      excused (1)
      
      Brooks
  Jan 18, 2022 - Rules Committee Vote
  S7786
  
  20
  
  Aye
  
  0
  
  Nay
  
  1
  
  Aye with Reservations
  
  0
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  - - Rules Committee Vote: Jan 18, 2022
      
      aye (20)
      
      Addabbo Jr.
      
      Bailey
      
      Biaggi
      
      Boyle
      
      Breslin
      
      Comrie
      
      Gallivan
      
      Gianaris
      
      Griffo
      
      Kennedy
      
      Krueger
      
      Liu
      
      Mayer
      
      O'Mara
      
      Ortt
      
      Parker
      
      Ritchie
      
      Savino
      
      Sepúlveda
      
      Stewart-Cousins
      
      aye wr (1)
      
      Lanza

2021-S7786 (ACTIVE) - Details

See Assembly Version of this Bill:: A8793
Law Section:: State Technology Law
Laws Affected:: Amd §209, St Tech L (as proposed in S.7019 & A.7612)

2021-S7786 (ACTIVE) - Summary

Relates to the notification of certain state agencies of a breach of the security system or a breach of the security network.

2021-S7786 (ACTIVE) - Sponsor Memo

2021-S7786 (ACTIVE) - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   7786
 
                             I N  S E N A T E
 
                             January 11, 2022
                                ___________
 
 Introduced  by  Sen. KRUEGER -- read twice and ordered printed, and when
   printed to be committed to the Committee on Rules
 
 AN ACT to amend the state technology law, in relation to  the  notifica-
   tion  of  certain  agencies  of  a  breach of the security system or a
   breach of the security network
 
   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Section  209  of  the state technology law, as added by a
 chapter of the laws of 2021 amending the state technology  law  relating
 to  the  notification  of  certain  state  agencies  of a data breach or
 network security breach, as proposed in  legislative  bills  numbers  S.
 7019 and A.  7612, is amended to read as follows:
   § 209. Notification of [data] A breach [or network] OF THE security OF
 THE  SYSTEM  OR A breach OF NETWORK SECURITY; shared data. 1. The office
 shall, within twenty-four hours  [following  the  discovery  of  a  data
 breach  or  network security breach or receiving notice of a data breach
 or network security breach] OF EITHER BEING  NOTIFIED  OF  OR  RECEIVING
 EVIDENCE  OF  A  BREACH  OF  THE  SECURITY OF THE SYSTEM, OR A BREACH OF
 NETWORK SECURITY, AS DEFINED IN PARAGRAPHS (A) AND  (B)  OF  SUBDIVISION
 THREE  OF THIS SECTION, notify the chief information officer, [and where
 appropriate,] the chief information security officer, AND  WHERE  APPRO-
 PRIATE, THE CYBER SECURITY COORDINATOR of any state entity with which it
 shares  data, provides networked services or shares a network connection
 whose data, services or connection is [or may have been the subject  of]
 REASONABLY  SUSPECTED  TO BE AFFECTED BY ANY such breach [whether or not
 such data was, or is reasonably believed to have been, acquired or  used
 by an unauthorized person].
   2. The office shall[, in addition to the provisions of subdivision one
 of  this  section,  notify]  PROVIDE the chief information officer, [and
 where appropriate,] the chief information security  officer,  AND  WHERE
 APPROPRIATE, THE CYBER RISK COORDINATOR of [such] ANY state entity [with
 which  it  shares  data, provides networked services or shares a network
 connection and whose data is or  may  have  been  the  subject  of  such
 breach,  of],  WHO HAS BEEN NOTIFIED PURSUANT TO SUBDIVISION ONE OF THIS
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.

                                                            LBD10523-02-2
 S. 7786                             2
 
 SECTION, WITH  its  plan  for  remediation  of  the  breach  and  future
 protection of such data and network.
   3. For purposes of this section:
   (a) ["Data breach" shall mean an intentional or unintentional incident
 where  data  is  disclosed, released, stolen, or taken without the know-
 ledge or authorization of the data's owner or steward]  "BREACH  OF  THE
 SECURITY  OF THE SYSTEM" SHALL HAVE THE SAME MEANING AS DEFINED IN PARA-
 GRAPH (B) OF SUBDIVISION ONE OF SECTION TWO HUNDRED EIGHT OF THIS  ARTI-
 CLE.
   (b)  ["Network  security breach" shall mean an intentional or uninten-
 tional incident where an unauthorized party  has  gained  access  to  an
 organization's  network  without  the  knowledge or authorization of the
 network owner or steward] "BREACH OF NETWORK SECURITY" SHALL MEAN  UNAU-
 THORIZED  ACCESS  TO OR ACCESS WITHOUT VALID AUTHORIZATION OF A COMPUTER
 NETWORK WHICH COMPROMISES THE SECURITY, CONFIDENTIALITY, OR INTEGRITY OF
 SUCH NETWORK.
   (c) "State entity" shall [mean  any  state  board,  bureau,  division,
 committee,  commission,  council,  department,  public authority, public
 benefit corporation, office or other governmental  entity  performing  a
 governmental  or proprietary function for the state of New York, includ-
 ing the state legislature and the judiciary] HAVE THE  SAME  MEANING  AS
 PROVIDED  BY  PARAGRAPH  (C)  OF  SUBDIVISION ONE OF SECTION TWO HUNDRED
 EIGHT OF THIS ARTICLE.
   § 2. This act shall take effect on the  same  date  and  in  the  same
 manner  as  a  chapter of the laws of 2021 amending the state technology
 law relating to the notification of certain state  agencies  of  a  data
 breach  or  network  security  breach,  as proposed in legislative bills
 numbers S.  7019 and A. 7612, takes effect.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.