Businesses must notify New Yorkers when their financial and personal information has been compromised under a measure that has become law in New York.
The Information Security Breach and Notification Act, which takes effect in December, will require businesses that maintain computerized customer records to notify consumers whose information has been violated.
The bill has had the support of the Independent Insurance Agents & Brokers of New York, Inc. since its introduction by State Sen. Charles J. Fuschillo, Jr. (R-Freeport) and Assemblyman James F. Brennan (D-Kings).
IIABNY said it helped lawmakers in streamlining the legislation, making it less burdensome to the business community.
According to the bill’s language, “unauthorized acquisition of computerized data which compromises the security of personal information maintained by a state entity, person or business” will be notified through a variety of methods, including in writing and electronically.
“There were three triggers to this bill that IIABNY wanted to see clearly established,” said Todd A. Gold, a vice president with Barrett Associates, IIABNY’s legislative representative. “The first is a business having reason to believe that a security breach has actually happened and not that some hacker has just tested the system.
“Secondly, the business must determine the extent of the violation.
“Finally, it is required to notify only those people whose information has reasonably believed to have been acquired, rather than the entire database of people.”
The law allows businesses to determine the extent of the violation, but would also hold them accountable for not following the necessary steps of victim notification. According to the legislation, failure to inform consumers whose information has been breached is punishable by a fine of up to $150,000.
IIABNY whose headquarters is in Dewitt, represents more than 1,900 agencies and their 18,000 employees.
Was this article valuable?
Here are more articles you may enjoy.