Bill Text: NY A02500 | 2021-2022 | General Assembly | Introduced
Bill Title: Relates to imposing a five-day time limit during which to disclose a breach in the security of a system.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2022-01-05 - referred to consumer affairs and protection [A02500 Detail]
Download: New_York-2021-A02500-Introduced.html
STATE OF NEW YORK ________________________________________________________________________ 2500 2021-2022 Regular Sessions IN ASSEMBLY January 19, 2021 ___________ Introduced by M. of A. SANTABARBARA -- read once and referred to the Committee on Consumer Affairs and Protection AN ACT to amend the general business law, in relation to disclosure of breaches of the security of the system The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. Subdivision 2 of section 899-aa of the general business 2 law, as added by chapter 117 of the laws of 2019, is amended to read as 3 follows: 4 2. Any person or business which owns or licenses computerized data 5 which includes private information shall disclose any breach of the 6 security of the system [following] within five days of the discovery or 7 notification of the breach in the security of the system to any resident 8 of New York state whose private information was, or is reasonably 9 believed to have been, accessed or acquired by a person without valid 10 authorization. [The disclosure shall be made in the most expedient time11possible and without unreasonable delay, consistent with the legitimate12needs of law enforcement, as provided in subdivision four of this13section, or any measures necessary to determine the scope of the breach14and restore the integrity of the system.] 15 § 2. This act shall take effect immediately. EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD04649-01-1
