The legislation was passed in June by the State Senate of New York and was signed into law by state governor George Pataki last week. It is modeled on a similar bill, SB1386, passed in California in 2003. Since then many incidents have come to light, including data breaches at LexisNexis, ChoicePoint and CardSystems.
"The new law applies to businesses and state government agencies that maintain databases when there is a breach involving the acquisition of information such as Social Security numbers, credit card numbers, drivers licenses, and other vulnerable personal information," New York State Assembly member James Brennan (D-Brooklyn) told Red Herring. Brennan sponsored the bill.
The new law will mean that companies with customers in New York State will have to notify consumers of any breach as soon as possible. The law also puts an onus on local governments in New York to develop a similar policy. It also gives the New York Attorney General the ability to seek a court order if the company fails to comply.
Last week, SC Magazine reported that a flaw in Verizon's online billing system allowed hackers to potentially view customer data.