Senate Bill S8169

2025-2026 Legislative Session

Requires all state entities to notify affected individuals in the event of a data breach where information is compromised

download bill text pdf

Sponsored By

Current Bill Status - In Assembly Committee


  • Introduced
    • In Committee Assembly
    • In Committee Senate
    • On Floor Calendar Assembly
    • On Floor Calendar Senate
    • Passed Assembly
    • Passed Senate
  • Delivered to Governor
  • Signed By Governor

Do you support this bill?

Please enter your contact information

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.
Actions
Votes

2025-S8169 (ACTIVE) - Details

See Assembly Version of this Bill:
A8614
Current Committee:
Assembly Governmental Operations
Law Section:
State Technology Law
Laws Affected:
Amd §208, St Tech L

2025-S8169 (ACTIVE) - Summary

Requires all state entities, including local governments, to notify affected individuals in the event of a data breach where information is compromised; defines "cybersecurity incident".

2025-S8169 (ACTIVE) - Sponsor Memo

2025-S8169 (ACTIVE) - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   8169
 
                        2025-2026 Regular Sessions
 
                             I N  S E N A T E
 
                               May 16, 2025
                                ___________
 
 Introduced  by  Sen.  BYNOE  -- read twice and ordered printed, and when
   printed to be committed to the Committee on Internet and Technology
 
 AN ACT to amend the state technology law, in relation to prompt  notifi-
   cation  to  affected  individuals in the event of a data breach within
   certain state entities

   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1.  Paragraphs (b) and (c) of subdivision 1 of section 208 of
 the state technology law, paragraph (b) of subdivision 1 as  amended  by
 chapter  491  of  the laws of 2005 and paragraph (c) of subdivision 1 as
 added by chapter 442 of the laws of 2005, are amended and  a  new  para-
 graph (e) is added to read as follows:
   (b)  "Breach  of  the  security of the system" shall mean unauthorized
 acquisition [or], acquisition without valid authorization, OR  UNAUTHOR-
 IZED  UTILIZATION  of  computerized data which compromises the security,
 confidentiality, or integrity of personal information  maintained  by  a
 state  entity.  Good  faith  acquisition  of  personal information by an
 employee or agent of a state entity for the purposes of  the  agency  is
 not  a  breach  of the security of the system, provided that the private
 information is not used or subject to unauthorized disclosure.
   In determining whether information has been acquired OR  UTILIZED,  or
 is  reasonably  believed  to have been acquired OR UTILIZED, by an unau-
 thorized person [or a], person without valid authorization OR  UNAUTHOR-
 IZED ENTITY, such state entity may consider the following factors, among
 others:
   (1) indications that the information is in the physical possession and
 control  of an unauthorized person, such as a lost or stolen computer or
 other device containing information; or
   (2) indications that the information has been downloaded or copied; or

  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.
                                                            LBD13104-03-5
 S. 8169                             2
 
              

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.