Educause Security Discussion mailing list archives

Details of New York Data Breach Bill?

From: "Karl D. Hassler" <khassler () UDEL EDU>
Date: Tue, 15 Nov 2005 10:40:19 -0500


Link to the New York State Technology Law:

http://public.leginfo.state.ny.us/menugetf.cgi?COMMONQUERY=LAWS
Go to the link - you may have to try twice - its slow.

Click on GBS for General Business Law
Click on Article 39-F;
Click on Section 899-aa. It says that "Any  person or business which
conducts business in New York state, and which owns or licenses
computerized  data  which  includes  private information shall  disclose
  any breach  of the security of the system following discovery or
notification of the breach in the security of the system to any resident
of New York state whose private information was, or is reasonably
believed to have been, acquired by a person without valid authorization."

To me, you must be doing business in New York to fall under this section
of the law.

To find section 208 of the State Technology Law (mentioned in both S3492
and A4254, from the above link:

Click on STT for State Technology
Click on Article 2
Click on Section 208 - Notification

Section 208 only references State entities.

Attachment: khassler.vcf
Description:

Current thread:

Details of New York Data Breach Bill? Karl D. Hassler (Nov 15)
- <Possible follow-ups>
- Re: Details of New York Data Breach Bill? Keith Schoenefeld (Nov 15)
- Re: Details of New York Data Breach Bill? Jimmy Kuo (Nov 18)
- Re: Details of New York Data Breach Bill? Walter Matystik (Nov 18)