NY Enacts Security Breaches Disclosure Law

Abstract

New York State has enacted a law requiring corporate or public organizations to notify individuals in the event that personal information about them has been compromised. Similar in concept to a California law that went into effect two years ago, the New York law compels organizations that store sensitive information to contact consumers as quickly as is practical if there is evidence or suspicion that data including Social Security numbers or credit card numbers have been unlawfully accessed. At least 15 other states have passed similar legislation since California did. New York State Assembly member James Brennan, sponsor of the legislation, said, "If a person is not aware that he or she has been a victim of identity theft, then the damage done could be severe and irreversible," noting that the sooner people are made aware of security breaches involving sensitive data, the better their chances are of avoiding the worst repercussions.