Magazine article American Banker

New York Attorney General Looks to Strengthen Data Security Laws

Magazine article American Banker

New York Attorney General Looks to Strengthen Data Security Laws

Article excerpt

Byline: Evan Nemeroff

New York Attorney General Eric Schneiderman is proposing legislation to strengthen data security laws to protect consumers from having their personal data stolen.

There currently is no law in New York that requires businesses to institute data security measures to protect consumer information. If a data breach occurs, companies only have to notify affected individuals if their "private information" was compromised.

Schneiderman's proposed bill would require business to notify a consumer if their email and passwords as well as security questions and answers were stolen in the event of a data breach or unauthorized disclosure. The definition of "private information" (for the purpose of notification) would also expand to include data about a consumer's medical information and health insurance. Currently, "private information" only pertains to protecting an individual's Social Security number, driver's license and credit card number. California has already implemented a similar rule.

Furthermore, all companies that collect "private information" should have security measures installed to protect this data. Schneiderman said this includes training employees to assess risks and instituting technical safeguards to identify threats within a business's network and respond to possible attacks. Businesses would have to obtain third-party audits and certifications annually confirming that they are complying with these data security requirements, Schneiderman said.

Schneiderman is also looking to provide businesses that implement robust data security a safe harbor against investigations by the Attorney General and potential consumer liability if a data breach occurs. In order to be part of this safe harbor, entities would be required to categorize their information systems based on the risk a data breach imposes, to develop a more secure internal data security plan. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.