On July 25, New York Governor Andrew Cuomo signed into law a pair of bills establishing new requirements for businesses that process certain personal information related to New York residents.
The changes include expanding the scope of information covered by New York’s data breach notification law; defining breaches to include incidents involving unauthorized access to covered information, even where the information is not acquired; and requiring consumer reporting agencies who suffer breaches of social security numbers to offer up to 5 years of identity theft services. Businesses maintaining the private information of New York residents also will now be required to proactively develop “reasonable safeguards” within their organization as part of a new “reasonable security requirement.”
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
