Assembly Actions -
Lowercase Senate Actions - UPPERCASE |
|
---|---|
Apr 16, 2024 |
reported referred to codes |
Jan 25, 2024 |
referred to consumer affairs and protection |
Assembly Bill A8872
2023-2024 Legislative Session
Sponsored By
SAYEGH
Current Bill Status - In Assembly Committee
- Introduced
-
- In Committee Assembly
- In Committee Senate
-
- On Floor Calendar Assembly
- On Floor Calendar Senate
-
- Passed Assembly
- Passed Senate
- Delivered to Governor
- Signed By Governor
Actions
2023-A8872 (ACTIVE) - Details
2023-A8872 (ACTIVE) - Bill Text download pdf
S T A T E O F N E W Y O R K ________________________________________________________________________ 8872 I N A S S E M B L Y January 25, 2024 ___________ Introduced by M. of A. SAYEGH -- read once and referred to the Committee on Consumer Affairs and Protection AN ACT to amend the general business law, in relation to notification of a data breach THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. The opening paragraph of subdivision 2 and subdivision 3 of section 899-aa of the general business law, as amended by chapter 117 of the laws of 2019, are amended to read as follows: Any person or business which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any resident of New York state whose private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization. The disclosure shall be made in the most expedient time possible and without unreasonable delay, [consistent with] AND SHALL BE MADE WITHIN FIFTEEN DAYS AFTER THE BREACH HAS BEEN DISCOVERED, EXCEPT FOR the legitimate needs of law enforcement, as provided in subdivision four of this section[, or any measures necessary to determine the scope of the breach and restore the integrity of the system]. 3. Any person or business which maintains computerized data which includes private information which such person or business does not own shall notify the owner or licensee of the information of any breach of the security of the system [immediately] WITHIN FIFTEEN DAYS following discovery, if the private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization. § 2. Paragraph (a) of subdivision 8 of section 899-aa of the general business law, as amended by chapter 117 of the laws of 2019, is amended to read as follows: (a) In the event that any New York residents are to be notified, the person or business shall notify the state attorney general, the depart- ment of state and the division of state police AND THE DEPARTMENT OF FINANCIAL SERVICES as to the timing, content and distribution of the EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted.
Comments
Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.
Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.
Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.