Senate Bill S6474A

2023-2024 Legislative Session

Relates to requiring governmental entities to implement multifactor authentication for local and remote network access

download bill text pdf

Archive: Last Bill Status - In Senate Committee Finance Committee

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Delivered to Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

Date of Action	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Jun 03, 2024	print number 6474a
Jun 03, 2024	amend and recommit to finance
May 07, 2024	reported and committed to finance
Jan 03, 2024	referred to internet and technology
May 22, 2023	reported and committed to finance
Apr 21, 2023	referred to internet and technology

Votes

- May 7, 2024 - Internet And Technology Committee Vote
  S6474A
  
  Aye
  
  5
  
  Nay
  
  0
  
  Aye with Reservations
  
  2
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  
  0
  - - Internet And Technology Committee Vote: May 7, 2024
      
      aye (5)
      
      Brouk
      
      Comrie
      
      Gonzalez
      
      Parker
      
      Ryan
      
      aye wr (2)
      
      Canzoneri-Fitzpatrick
      
      Stec
  May 23, 2023 - Internet And Technology Committee Vote
  S6474A
  
  Aye
  
  5
  
  Nay
  
  1
  
  Aye with Reservations
  
  1
  
  Absent
  
  0
  
  Excused
  
  0
  
  Abstained
  
  0
  - - Internet And Technology Committee Vote: May 23, 2023
      
      aye (5)
      
      Brouk
      
      Comrie
      
      Gonzalez
      
      Parker
      
      Ryan
      
      nay (1)
      
      Walczyk
      
      aye wr (1)
      
      Stec

Bill Amendments

Original

A (Active)

2023-S6474 - Details

See Assembly Version of this Bill:: A7331
Current Committee:: Senate Finance
Law Section:: State Technology Law
Laws Affected:: Amd §202, add §§210 - 212, St Tech L
Versions Introduced in Other Legislative Sessions:: 2021-2022: S2652
2025-2026: S1139, A6347

2023-S6474 - Summary

Requires governmental entities to, whenever possible and feasible, consider implementing multifactor authentication for local and remote network access; requires public websites to encrypt all exchanges and to comply with privacy standards.

2023-S6474 - Sponsor Memo

                                 
BILL NUMBER: S6474

SPONSOR: GONZALEZ
 
TITLE OF BILL:

An act to amend the state technology law, in relation to requiring
governmental entities to implement multifactor authentication for local
and remote network access

 
PURPOSE:

Amends the State Technology Law to require alL government entities in
the State to require muttifactor authentication for access to the serv-
ers, email or official applications used by their employees or agents.

 
SUMMARY OF PROVISIONS:

Section 1 adds new subdivisions 9 and 10 to Section 202 of the State
Technology Law, which sets definitions for the terms "governmental enti-
ty" and "multifactor authentication."

Section 2 adds new sections 210, 211, and 212 to the state technology

law.

Section 210 adds muttifactor authentication requirements and provides
for technical standards and waivers.

Section 211 adds privacy requirements regarding the use of multifactor
authentication using biometric information.

Section 212 adds encryption requirements for all government websites.

Section 3 sets the effective date.

 
JUSTIFICATION:

Cyberattacks on public entities are occurring with increasing frequency.
In Microsoft's 2021 cybersecurity report, 48% of all cybersecurityat-
tacks targeted government entities. Since 2017, more than 3,600 local,
state, and tribal governments across the country have been targeted by
ransomware hackers, which is just one type of cyberattack. Lapses in
cybersecurity could require the state's most essential services to
decide between paying expensive ransoms or losing access to systems.

Multifactor authentication (MFA) can significantly reduce the vulner-
ability of public systems. According to GoogLe, multifactor can prevent
100% of automated bots, up to 99% of bulk phishing attacks and up to 90%
of targeted attacks. According to Microsoft, an account is 99.9% less
likely to be compromised when using MFA. Therefore requiring the use of
MFA at sensitive governmental institutions is an important step the
state can take to improve its cybersecurity preparedness.

Importantly, MFA is cost effective to implement due to the connectivity
of devices and web applications. Requiring governmental agencies to use
this technology is a tow-cost proposition that can greatly increase
protection against cyberattacks.

 
LEGISLATIVE HISTORY:

2021-2022: New bill S2652; referred to Internet and Technology Commit-
tee; referred to Finance

 
FISCAL IMPLICATIONS:

To be determined.

 
EFFECTIVE DATE:
This act shall take effect one year after becoming law.

2023-S6474 - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   6474
 
                        2023-2024 Regular Sessions
 
                             I N  S E N A T E
 
                              April 21, 2023
                                ___________
 
 Introduced  by Sen. GONZALEZ -- read twice and ordered printed, and when
   printed to be committed to the Committee on Internet and Technology
 
 AN ACT to amend the state  technology  law,  in  relation  to  requiring
   governmental  entities  to  implement  multifactor  authentication for
   local and remote network access

   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Section  202  of  the  state technology law is amended by
 adding two new subdivisions 9 and 10 to read as follows:
   9. "GOVERNMENTAL ENTITY" SHALL MEAN ANY  STATE  OR  LOCAL  DEPARTMENT,
 BOARD,  BUREAU, DIVISION, COMMISSION, COMMITTEE, SCHOOL DISTRICT, PUBLIC
 AUTHORITY, PUBLIC BENEFIT CORPORATION, COUNCIL OR OFFICE, INCLUDING  ALL
 ENTITIES  DEFINED PURSUANT TO SECTION TWO OF THE PUBLIC AUTHORITIES LAW.
 SUCH TERM SHALL INCLUDE THE STATE UNIVERSITY OF NEW YORK  AND  THE  CITY
 UNIVERSITY  OF  NEW  YORK.  FURTHER, SUCH TERM SHALL INCLUDE ANY COUNTY,
 CITY, TOWN OR VILLAGE BUT SHALL NOT INCLUDE THE JUDICIARY OR  STATE  AND
 LOCAL LEGISLATURES.
   10.  "MULTIFACTOR AUTHENTICATION" SHALL MEAN USING TWO OR MORE DIFFER-
 ENT TYPES OF IDENTIFICATION CREDENTIALS TO ACHIEVE  AUTHENTICATION.  THE
 TYPES OF IDENTIFICATION CREDENTIALS SHALL INCLUDE:
   (A)  KNOWLEDGE-BASED CREDENTIALS, WHICH IS A KNOWLEDGE-BASED AUTHENTI-
 CATION THAT REQUIRES THE USER TO PROVIDE INFORMATION THAT THEY KNOW SUCH
 AS PASSWORDS OR PINS;
   (B)  POSSESSION-BASED  CREDENTIALS,  WHICH  IS   AUTHENTICATION   THAT
 REQUIRES  INDIVIDUALS  TO  HAVE  SOMETHING SPECIFIC IN THEIR POSSESSION,
 SUCH AS SECURITY TOKENS, KEY FOBS, SIM CARDS OR SMARTPHONE APPLICATIONS;
 AND
   (C) INHERENCE-BASED CREDENTIALS, WHICH IS AUTHENTICATION THAT REQUIRES
 USER-SPECIFIC BIOLOGICAL TRAITS TO CONFIRM IDENTITY FOR LOGIN,  SUCH  AS
 FINGERPRINTS OR FACIAL RECOGNITION.
   §  2. The state technology law is amended by adding three new sections
 210, 211, and 212 to read as follows:
   §  210.  MULTIFACTOR  AUTHENTICATION.  1.  MULTIFACTOR  AUTHENTICATION
 REQUIREMENT.  EVERY  GOVERNMENTAL  ENTITY  SHALL  IMPLEMENT  MULTIFACTOR

  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD09003-02-3
 S. 6474                             2
 
 AUTHENTICATION  FOR  LOCAL  AND  REMOTE  NETWORK  ACCESS  TO  ANY  EMAIL
 ACCOUNTS, CLOUD STORAGE ACCOUNTS, WEB APPLICATIONS, NETWORKS, DATABASES,
 OR  SERVERS,  MAINTAINED BY SUCH ENTITY OR ON BEHALF OF SUCH ENTITY, FOR
 THE  EMPLOYEES  AND OFFICERS OF SUCH ENTITY OR FOR ANY OTHER INDIVIDUALS
 PROVIDING SERVICES TO OR ON BEHALF OF SUCH ENTITY.
   2. TECHNICAL STANDARD. THE OFFICE SHALL PROMULGATE RULES TO  ESTABLISH
 STANDARD  TECHNICAL REQUIREMENTS FOR GOVERNMENTAL ENTITIES FOR COMPLYING
 WITH SUBDIVISION ONE OF THIS SECTION. SUCH  RULES  SHALL  INCLUDE  REGU-
 LATIONS  ADDRESSING INHERENCE-BASED CREDENTIALS INCLUDING PROPER STORAGE
 OF TRAITS RELATING TO USER-SPECIFIC BIOLOGICAL TRAITS.  SUCH RULES SHALL
 ADDITIONALLY INCLUDE PROVISIONS  REGARDING  COMPLIANCE  FOR  INDIVIDUALS
 WITH  DISABILITIES  OR SPECIAL NEEDS.  FOR THE PURPOSES OF THIS SUBDIVI-
 SION, THE OFFICE MAY USE AND REFER TO THE  GUIDELINES  PROVIDED  BY  THE
 NATIONAL  INSTITUTE  OF  STANDARDS  AND TECHNOLOGY, THE FEDERAL RISK AND
 AUTHORIZATION MANAGEMENT  PROGRAM  (FEDRAMP),  THE  FEDERAL  INFORMATION
 SECURITY MANAGEMENT ACT OF 2002 (FISMA) AND THE DEFENSE FEDERAL ACQUISI-
 TION REGULATION SUPPLEMENT (DFARS).
   3. WAIVERS. THE OFFICE, UPON APPLICATION BY A GOVERNMENTAL ENTITY, MAY
 COMPLETELY  OR PARTIALLY WAIVE THE REQUIREMENTS OF THIS SECTION FOR SUCH
 GOVERNMENTAL ENTITY. SUCH WAIVER SHALL BE VALID FOR NO LONGER  THAN  TWO
 YEARS AND SHALL BE REAPPROVED AFTER EXPIRATION. THE OFFICE SHALL PROMUL-
 GATE  RULES  TO  ESTABLISH THE APPLICATION PROCESS AND CRITERIA FOR SUCH
 WAIVERS.
   § 211. PRIVACY REQUIREMENTS. THIS SECTION SHALL APPLY TO  THE  USE  OF
 MULTIFACTOR  AUTHENTICATION  AT GOVERNMENTAL ENTITIES AND TO ANY VENDORS
 AND/OR THIRD-PARTY CONTRACTORS ADMINISTERING THE MULTIFACTOR AUTHENTICA-
 TION ON BEHALF OF THE GOVERNMENTAL ENTITY.
   1. NO GOVERNMENTAL ENTITY SHALL REQUIRE THE USE OF AN  INHERENCE-BASED
 CREDENTIAL TO ACCESS LOCAL AND/OR REMOTE NETWORK ACCESS.
   2.  NO GOVERNMENTAL ENTITY THAT FACILITATES THE USE OF INHERENCE-BASED
 CREDENTIALS TO ACCESS LOCAL AND REMOTE  NETWORK  ACCESS  SHALL  SELL  OR
 MONETIZE SUCH DATA.
   3.  NO GOVERNMENTAL ENTITY THAT FACILITATES THE USE OF INHERENCE-BASED
 CREDENTIALS TO ACCESS LOCAL AND REMOTE NETWORK ACCESS SHALL  SHARE  SUCH
 DATA WITH LAW ENFORCEMENT WITHOUT A WARRANT.
   4.  ANY GOVERNMENTAL ENTITY AND ANY APPLICABLE THIRD-PARTY CONTRACTORS
 THAT FACILITATE THE USE OF INHERENCE-BASED CREDENTIALS  SHALL  AGREE  TO
 COMPLY  WITH  THE  STANDARDS ESTABLISHED BY THE OFFICE AND ALL STATUTORY
 PRIVACY STANDARDS.
   § 212. PUBLIC WEBSITE ENCRYPTION. EVERY WEBSITE MAINTAINED  BY  OR  ON
 BEHALF  OF  A GOVERNMENTAL ENTITY SHALL ENCRYPT ALL EXCHANGES AND TRANS-
 FERS BETWEEN A WEB SERVER, MAINTAINED BY OR ON BEHALF OF A  GOVERNMENTAL
 ENTITY, AND A WEB BROWSER OF HYPERTEXT OR OF ELECTRONIC INFORMATION, AND
 REQUIRE  WEB  BROWSERS TO REQUEST SUCH ENCRYPTED EXCHANGE OR TRANSFER AT
 ALL TIMES FOR SUCH WEBSITES, PROVIDED THAT SUCH ENCRYPTION SHALL NOT  BE
 REQUIRED  IF  SUCH EXCHANGES OR TRANSFERS ARE CONDUCTED IN A MANNER THAT
 PROVIDES AT LEAST AN EQUIVALENT LEVEL OF CONFIDENTIALITY, DATA INTEGRITY
 AND AUTHENTICATION.
   § 3. This act shall take effect one year after it shall have become  a
 law.  Effective  immediately,  the addition, amendment, and/or repeal of
 any rule or regulation necessary for the implementation of this  act  on
 its  effective date are authorized to be made and completed on or before
 such effective date.

2023-S6474A (ACTIVE) - Details

See Assembly Version of this Bill:: A7331
Current Committee:: Senate Finance
Law Section:: State Technology Law
Laws Affected:: Amd §202, add §§210 - 212, St Tech L
Versions Introduced in Other Legislative Sessions:: 2021-2022: S2652
2025-2026: S1139, A6347

2023-S6474A (ACTIVE) - Summary

2023-S6474A (ACTIVE) - Sponsor Memo

                                 
BILL NUMBER: S6474A

SPONSOR: GONZALEZ
 
TITLE OF BILL:

An act to amend the state technology law, in relation to requiring
governmental entities to implement multifactor authentication for local
and remote network access

 
SUMMARY OF PROVISIONS:

Section 1 adds new subdivisions 9 and 10 to Section 202 of the State
Technology Law, which sets definitions for the terms "governmental enti-
ty" and "multifactor authentication."

Section 2 adds new sections 210, 211, and 212 to the state technology
law.

Section 210 adds multifactor authentication requirements and provides
for technical standards and waivers.

Section 211 adds privacy requirements regarding the use of multifactor
authentication using biometric information.

Section 212 adds encryption requirements for alt government websites.

Section 3 sets the effective date.

 
JUSTIFICATION:

Cyberattacks on public entities are occurring with increasing frequency.
In Microsoft's 2021 cybersecurity report, 48% of all cybersecurityat-
tacks targeted government entities. Since 2017, more than 3,600 local,
state, and tribal governments across the country have been targeted by
ransomware hackers, which is just one type of cyberattack. Lapses in
cybersecurity could require the state's most essential services to
decide between paying expensive ransoms or losing access to systems.

Multifactor authentication (MFA) can significantly reduce the vulner-
ability of public systems. According to Google, multifactor can prevent
100% of automated bots, up to 99% of bulk phishing attacks and up to 90%
of targeted attacks. According to Microsoft, an account is 99.9% less
likely to be compromised when using MFA. Therefore requiring the use of
MFA at sensitive governmental institutions is an important step the
state can take to improve its cybersecurity preparedness.

Importantly, MFA is cost effective to implement due to the connectivity
of devices and web applications. Requiring governmental agencies to use
this technology is a low-cost proposition that can greatly increase
protection against cyberattacks.

 
LEGISLATIVE HISTORY:

2021-2022: New bill S2652; referred to Internet and Technology Commit-
tee; referred to Finance

 
FISCAL IMPLICATIONS:

To be determined.
 
EFFECTIVE DATE:
This act shall take effect one year after becoming law.

2023-S6474A (ACTIVE) - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                  6474--A
 
                        2023-2024 Regular Sessions
 
                             I N  S E N A T E
 
                              April 21, 2023
                                ___________
 
 Introduced  by Sen. GONZALEZ -- read twice and ordered printed, and when
   printed to be committed to the Committee on Internet and Technology --
   recommitted to the Committee on Internet and Technology in  accordance
   with  Senate  Rule 6, sec. 8 -- reported favorably from said committee
   and committed to the Committee on  Finance  --  committee  discharged,
   bill  amended,  ordered  reprinted  as amended and recommitted to said
   committee
 
 AN ACT to amend the state  technology  law,  in  relation  to  requiring
   governmental  entities  to  implement  multifactor  authentication for
   local and remote network access
 
   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Section  202  of  the  state technology law is amended by
 adding two new subdivisions 9 and 10 to read as follows:
   9. "GOVERNMENTAL ENTITY" SHALL MEAN ANY  STATE  OR  LOCAL  DEPARTMENT,
 BOARD,  BUREAU, DIVISION, COMMISSION, COMMITTEE, SCHOOL DISTRICT, PUBLIC
 AUTHORITY, PUBLIC BENEFIT CORPORATION, COUNCIL OR OFFICE, INCLUDING  ALL
 ENTITIES  DEFINED PURSUANT TO SECTION TWO OF THE PUBLIC AUTHORITIES LAW.
 SUCH TERM SHALL INCLUDE THE STATE UNIVERSITY OF NEW YORK  AND  THE  CITY
 UNIVERSITY  OF  NEW  YORK.  FURTHER, SUCH TERM SHALL INCLUDE ANY COUNTY,
 CITY, TOWN OR VILLAGE BUT SHALL NOT INCLUDE THE JUDICIARY OR  STATE  AND
 LOCAL LEGISLATURES.
   10.  "MULTIFACTOR AUTHENTICATION" SHALL MEAN USING TWO OR MORE DIFFER-
 ENT TYPES OF IDENTIFICATION CREDENTIALS TO ACHIEVE  AUTHENTICATION.  THE
 TYPES OF IDENTIFICATION CREDENTIALS SHALL INCLUDE:
   (A)  KNOWLEDGE-BASED CREDENTIALS, WHICH IS A KNOWLEDGE-BASED AUTHENTI-
 CATION THAT REQUIRES THE USER TO PROVIDE INFORMATION THAT THEY KNOW SUCH
 AS PASSWORDS OR PINS;
   (B)  POSSESSION-BASED  CREDENTIALS,  WHICH  IS   AUTHENTICATION   THAT
 REQUIRES  INDIVIDUALS  TO  HAVE  SOMETHING SPECIFIC IN THEIR POSSESSION,
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD09003-06-4
 S. 6474--A                          2

 
 SUCH AS SECURITY TOKENS, KEY FOBS, SIM CARDS OR SMARTPHONE APPLICATIONS;
 AND
   (C)  BIOMETRIC  INFORMATION, WHICH IS ANY MEASURABLE PHYSICAL, PHYSIO-
 LOGICAL OR BEHAVIORAL CHARACTERISTICS THAT ARE ATTRIBUTABLE TO A PERSON,
 INCLUDING BUT NOT LIMITED TO FACIAL CHARACTERISTICS, FINGERPRINT CHARAC-
 TERISTICS, HAND CHARACTERISTICS, EYE CHARACTERISTICS,  VOCAL  CHARACTER-
 ISTICS,  AND  ANY  OTHER  CHARACTERISTICS THAT CAN BE USED TO IDENTIFY A
 PERSON INCLUDING, BUT NOT LIMITED TO:  FINGERPRINTS; HANDPRINTS;  RETINA
 AND IRIS PATTERNS; DNA SEQUENCE; VOICE; GAIT; AND FACIAL GEOMETRY.
   §  2. The state technology law is amended by adding three new sections
 210, 211, and 212 to read as follows:
   §  210.  MULTIFACTOR  AUTHENTICATION.  1.  MULTIFACTOR  AUTHENTICATION
 REQUIREMENT.  EVERY  GOVERNMENTAL  ENTITY  SHALL,  WHENEVER POSSIBLE AND
 FEASABLE, CONSIDER IMPLEMENTING MULTIFACTOR AUTHENTICATION FOR LOCAL AND
 REMOTE NETWORK ACCESS TO ANY EMAIL ACCOUNTS, CLOUD STORAGE ACCOUNTS, WEB
 APPLICATIONS, NETWORKS, DATABASES, OR SERVERS, MAINTAINED BY SUCH ENTITY
 OR ON BEHALF OF SUCH ENTITY, FOR THE  EMPLOYEES  AND  OFFICERS  OF  SUCH
 ENTITY  OR  FOR ANY OTHER INDIVIDUALS PROVIDING SERVICES TO OR ON BEHALF
 OF SUCH ENTITY.
   2. TECHNICAL STANDARD. THE OFFICE SHALL PROMULGATE RULES TO  ESTABLISH
 STANDARD  TECHNICAL REQUIREMENTS FOR GOVERNMENTAL ENTITIES FOR COMPLYING
 WITH SUBDIVISION ONE OF THIS SECTION. SUCH  RULES  SHALL  INCLUDE  REGU-
 LATIONS  ADDRESSING  BIOMETRIC  INFORMATION  INCLUDING PROPER STORAGE OF
 TRAITS RELATING TO USER-SPECIFIC BIOLOGICAL TRAITS.   SUCH  RULES  SHALL
 ADDITIONALLY  INCLUDE  PROVISIONS  REGARDING  COMPLIANCE FOR INDIVIDUALS
 WITH DISABILITIES OR SPECIAL NEEDS.  FOR THE PURPOSES OF  THIS  SUBDIVI-
 SION,  THE  OFFICE  MAY  USE AND REFER TO THE GUIDELINES PROVIDED BY THE
 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY,  THE  FEDERAL  RISK  AND
 AUTHORIZATION  MANAGEMENT  PROGRAM  (FEDRAMP),  THE  FEDERAL INFORMATION
 SECURITY MANAGEMENT ACT OF 2002 (FISMA) AND THE DEFENSE FEDERAL ACQUISI-
 TION REGULATION SUPPLEMENT (DFARS).
   3. WAIVERS. THE OFFICE, UPON APPLICATION BY A GOVERNMENTAL ENTITY, MAY
 COMPLETELY OR PARTIALLY WAIVE THE REQUIREMENTS OF THIS SECTION FOR  SUCH
 GOVERNMENTAL  ENTITY.  SUCH WAIVER SHALL BE VALID FOR NO LONGER THAN TWO
 YEARS AND SHALL BE REAPPROVED AFTER EXPIRATION. THE OFFICE SHALL PROMUL-
 GATE RULES TO ESTABLISH THE APPLICATION PROCESS AND  CRITERIA  FOR  SUCH
 WAIVERS.
   §  211.  PRIVACY  REQUIREMENTS. THIS SECTION SHALL APPLY TO THE USE OF
 MULTIFACTOR AUTHENTICATION AT GOVERNMENTAL ENTITIES AND TO  ANY  VENDORS
 AND/OR THIRD-PARTY CONTRACTORS ADMINISTERING THE MULTIFACTOR AUTHENTICA-
 TION ON BEHALF OF THE GOVERNMENTAL ENTITY.
   1.  NO GOVERNMENTAL ENTITY SHALL REQUIRE THE USE OF BIOMETRIC INFORMA-
 TION TO ACCESS LOCAL AND/OR REMOTE NETWORK ACCESS.
   2. NO GOVERNMENTAL ENTITY THAT FACILITATES THE USE OF BIOMETRIC INFOR-
 MATION TO ACCESS LOCAL AND REMOTE NETWORK ACCESS SHALL SELL OR  MONETIZE
 SUCH DATA.
   3. NO GOVERNMENTAL ENTITY THAT FACILITATES THE USE OF BIOMETRIC INFOR-
 MATION  TO  ACCESS LOCAL AND REMOTE NETWORK ACCESS SHALL SHARE SUCH DATA
 WITH LAW ENFORCEMENT WITHOUT A WARRANT.
   4. ANY GOVERNMENTAL ENTITY AND ANY APPLICABLE THIRD-PARTY  CONTRACTORS
 THAT  FACILITATE  THE USE OF BIOMETRIC INFORMATION SHALL AGREE TO COMPLY
 WITH THE STANDARDS ESTABLISHED BY THE OFFICE AND ALL  STATUTORY  PRIVACY
 STANDARDS.
   §  212.  PUBLIC  WEBSITE ENCRYPTION. EVERY WEBSITE MAINTAINED BY OR ON
 BEHALF OF A GOVERNMENTAL ENTITY SHALL ENCRYPT ALL EXCHANGES  AND  TRANS-
 FERS  BETWEEN A WEB SERVER, MAINTAINED BY OR ON BEHALF OF A GOVERNMENTAL
 S. 6474--A                          3
 
 ENTITY, AND A WEB BROWSER OF HYPERTEXT OR OF ELECTRONIC INFORMATION, AND
 REQUIRE WEB BROWSERS TO REQUEST SUCH ENCRYPTED EXCHANGE OR  TRANSFER  AT
 ALL  TIMES FOR SUCH WEBSITES, PROVIDED THAT SUCH ENCRYPTION SHALL NOT BE
 REQUIRED  IF  SUCH EXCHANGES OR TRANSFERS ARE CONDUCTED IN A MANNER THAT
 PROVIDES AT LEAST AN EQUIVALENT LEVEL OF CONFIDENTIALITY, DATA INTEGRITY
 AND AUTHENTICATION.
   § 3. This act shall take effect one year after it shall have become  a
 law.  Effective  immediately,  the addition, amendment, and/or repeal of
 any rule or regulation necessary for the implementation of this  act  on
 its  effective date are authorized to be made and completed on or before
 such effective date.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Find your Senator and share your views on important issues.

Do you support this bill?

Senate Bill S6474A

Sponsored By

Archive: Last Bill Status - In Senate Committee Finance Committee

Actions

Votes

May 7, 2024 - Internet And Technology Committee Vote

Internet And Technology Committee Vote: May 7, 2024

May 23, 2023 - Internet And Technology Committee Vote

Internet And Technology Committee Vote: May 23, 2023

Bill Amendments

2023-S6474 - Details

2023-S6474 - Summary

2023-S6474 - Sponsor Memo

2023-S6474 - Bill Text download pdf

2023-S6474A (ACTIVE) - Details

2023-S6474A (ACTIVE) - Summary

2023-S6474A (ACTIVE) - Sponsor Memo

2023-S6474A (ACTIVE) - Bill Text download pdf

Comments

Do you support this bill?

Get Status Alerts for 2023-S6474A

Senate Bill S6474A

Share this bill

Sponsored By

Kristen Gonzalez

Archive: Last Bill Status - In Senate Committee Finance Committee

Actions

Votes

Bill Amendments

2023-S6474 - Details

2023-S6474 - Summary

2023-S6474 - Sponsor Memo

2023-S6474 - Bill Text download pdf

2023-S6474A (ACTIVE) - Details

2023-S6474A (ACTIVE) - Summary

2023-S6474A (ACTIVE) - Sponsor Memo

2023-S6474A (ACTIVE) - Bill Text download pdf

Comments