Re: Details of New York Data Breach Bill?

[Keith Schoenefeld <schoenk () UTULSA EDU>]

Am I reading this completely wrong, or does it not require notification
of affected people that are not New York residents?

-- KS

Karl D. Hassler wrote:

> Link to the New York State Technology Law:
>
> http://public.leginfo.state.ny.us/menugetf.cgi?COMMONQUERY=LAWS
> Go to the link - you may have to try twice - its slow.
>
> Click on GBS for General Business Law
> Click on Article 39-F;
> Click on Section 899-aa. It says that "Any  person or business which
> conducts business in New York state, and which owns or licenses
> computerized  data  which  includes  private information shall  disclose
>   any breach  of the security of the system following discovery or
> notification of the breach in the security of the system to any resident
> of New York state whose private information was, or is reasonably
> believed to have been, acquired by a person without valid authorization."
>
> To me, you must be doing business in New York to fall under this section
> of the law.
>
> To find section 208 of the State Technology Law (mentioned in both S3492
> and A4254, from the above link:
>
> Click on STT for State Technology
> Click on Article 2
> Click on Section 208 - Notification
>
> Section 208 only references State entities.


--
Keith Schoenefeld
Manager of College Computer Services
ENS Computer Services (ECS)
College of Engineering and Natural Sciences
The University of Tulsa
Phone: 918-631-2548
Fax: 918-631-5089