New York passed a bill amending breach of security disclosure requirements. Under the bill, New York’s breach of security disclosure requirements now apply in the event of unauthorized access to user names and e-mail addresses (accessed in combination with passwords or security questions and answers).
The bill also:
- Revised the definition of “private information”;
- Amended the mandated content of the security breach disclosure;
- Provided a presumption of compliance with respect to the security breach disclosure requirement;
- Amended the manner in which a security breach disclosure must be provided to an affected individual in the event the breach of security involves information that permits access to the individual’s e-mail account; and
- Provided an exemption to the security breach disclosure requirement;
In addition, the bill requires businesses that own or license private information of a New York resident to maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information (including disposal of the data).
The bill becomes effective October 25, 2019.
See New York State Assembly website for the full text of the Statute:
https://nyassembly.gov/leg/?default_fld=&leg_video=&bn=S05575&term=0&Summary=Y&Text=Y
