INFORMATION SECURITY BREACH AND NOTIFICATION ACT. 208 of the State Technology Law (STL) and § 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or Debit Card number plus security code, access code or password which permits access to an individual's financial account, shall disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected shall occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York shall also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxxx://xxx.xx.xxx/eiso.
Appears in 4 contracts
Samples: online.ogs.ny.gov, online.ogs.ny.gov, online.ogs.ny.gov
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. 208 of the State Technology Law (STL) and § 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or Debit Card debit card number plus security code, access code or password which permits access to an individual's financial account, shall must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected shall must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York shall must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxxx://xxx.xx.xxx/eiso.
Appears in 1 contract
Samples: online.ogs.ny.gov
INFORMATION SECURITY BREACH AND NOTIFICATION ACT. 208 of the State Technology Law (STL) and § 899-aa of the General Business Law (GBL) require that State entities and persons or businesses conducting business in New York who own or license computerized data which includes private information including an individual's unencrypted personal information plus one or more of the following: social security number, driver's license number or non-driver ID, account number, credit or Debit Card debit card number plus security code, access code or password which permits access to an individual's financial account, shall must disclose to a New York resident when their private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Disclosure of breach of that private information to all individuals affected or potentially affected shall must occur in the most expedient time possible without unreasonable delay, after necessary measures to determine the scope of the breach and to restore integrity, but with delay if law enforcement determines it impedes a criminal investigation. When notification is necessary, the State entity or person or business conducting business in New York shall must also notify the following New York State agencies: the Attorney General, the Office of Cyber Security & Critical Infrastructure Coordination (CSCIC) and the Consumer Protection Board (CPB). Information relative to the law and the notification process is available at: xxxxx://xxx.xx.xxx/eiso.xxxxx://xxx.xx.xxx/breach- notification-and-incident-reporting
Appears in 1 contract
