|
 Schneiderman's proposal seeks to broaden the scope of information
that employers and retailers would be responsible to protect and
will require stronger technical and physical security measures for
protecting the information.
The proposal seeks to expand the definition of what constitutes
"private information" to include email addresses and passwords,
biometric information and health insurance details.
Companies are currently not required to report a data breach if it
is limited to the theft of email addresses and passwords.
"It's long past time we updated our data security laws and expanded
protections for consumers. We must also remind ourselves that
companies can be victims, and that those who take responsible steps
to protect customers should be rewarded," Schneiderman said.
All entities that are required to collect and store private
information will need to have reasonable security measures to
protect the information. The proposal will also give businesses incentives to implement
robust data-security measures by offering a safe harbor that would
provide them some protection from liability in lawsuits if they can
show that they took steps to protect private information.
In the event of a data breach, the state should incentivize
companies to share forensic reports with law enforcement officials,
according to the proposal.
If it becomes a law, New York's requirements would meet California
standards in terms of the breadth of information covered, and exceed
that state's standards in other ways, according to Matt Mittenthal,
a spokesman for Schneiderman.
[to top of second column] |
The announcement comes just as President Obama has proposed to
improve cyber security standards, including updating its security
breach reporting by standardizing the patchwork of 46 state laws by
putting in place a single notice requirement.
A report by Schneiderman in July last year said the number of
reported data security breaches in New York more than tripled
between 2006 and 2013.
About 22.8 million personal records of New Yorkers have been exposed
in nearly 5,000 data breaches during the period, costing the public
and private sectors in New York more than $1.37 billion in 2013,
according to the report.
(Reporting by Rama Venkat Raman in Bangalore and Karen Freifeld in
New York; Editing by Gopakumar Warrier)
[© 2014 Thomson Reuters. All rights
reserved.]
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
