InfoBytes Blog
NY AG Plans to Propose Bill that would Strengthen Data Security and Consumer Protection Laws
On January 15, New York AG Eric Schneiderman announced that he intends to propose legislation that would “overhaul New York State’s data security law and require new and unprecedented safeguards for the personal data of consumers.” Specifically, the bill would (i) make companies responsible for protecting a broader range of information by expanding the definition of “private information;” (ii) require better data security measures for entities that collect and/or store private information; and (iii) create a safe harbor for companies that would shield them from liability if they adopt heightened security practices. In addition, the proposal would incentivize companies to share forensic data with authorities in the event of a data breach by ensuring that disclosure does not affect the company’s privileges. The proposed legislation follows New York AG’s release of a July 2014 report, which examined the growing number of data breaches occurring within the state. Schneiderman expects the new law to be “the strongest, most comprehensive in the nation… [making] [New York] a national model for data privacy and security.”