Mandatory breach notification to be N.Y. law

As of Friday, New York state companies no longer have a choice about whether to notify customers of an identity breach.

The state's Information Security Breach and Notification Act, which goes into effect this week, puts the Empire State in the company of 18 others requiring full disclosure to customers after a breach.


State Assemblyman James Brennan, D-Brooklyn, said, "It's only natural to think (a breach-notification law) should be compulsory in New York."

"ID theft is becoming a major national problem. We've had a number of examples," he said. "We want that company knowing that they should notify all its customers."

Brennan said most businesses he talked to were "pretty supportive" of the new legislation. All businesses operating within New York state are subject to the law.

The law, similar to California's 2-year-old SB1386, was passed in June by the state General Assembly and signed into law by Republican Gov. George Pataki.

Defining personal information as Social Security numbers, driver's licenses, non-driver identification cards, bank, credit and debit card numbers and security access codes and passwords, the law requires companies to notify customers of any breach of unencrypted personal information.

It also threatens non-compliant companies with a fine of up to $10 per failed notification.

Gordon Rapkin, CEO of Protegrity, a company based in neighboring Connecticut, said most corporations "have already dealt with" similar laws when doing business in other states.

"It's a good thing New York passed it, with many breaches around in the not-so-distant past," he said.

Rapkin said embarrassment from a breach, and other costs, may serve as more of a deterrent than the fine.

"Just the act of notifying everyone will cost you a fortune," he said. "I think that's the real deterrent."

www.state.ny.us

Copyright © SC Magazine, US edition