New York Attorney General Recommends Tougher Data Security Law
New York’s data security law is weak and should be overhauled to require businesses to protect the personal information of consumers and employees, the state’s top law enforcement official said Wednesday.
New York Attorney General Eric Schneiderman said that in the event of a data breach or unauthorized disclosure, companies and employers are merely required to notify affected individuals if “private information” is compromised. That includes Social Security, driver’s license and account or credit card numbers, but not email addresses and passwords, security questions, medical history and health insurance information.
Schneiderman proposed making employers and retailers responsible for protecting all that personal information, while giving them protection from liability if they meet certain security standards.
“With some of the largest-ever data breaches occurring in just the last year, it’s long past time we updated our data security laws and expanded protections for consumers,” Schneiderman said. “We must also remind ourselves that companies can be victims, and that those who take responsible steps to protect customers should be rewarded.”
According to a July report from the attorney general’s office, security breaches reported by businesses, nonprofits and governments in New York more than tripled between 2006 and 2013, exposing 22.8 million personal records of New Yorkers in nearly 5,000 incidents.
The proposed legislation would require entities that collect or store private information to have “reasonable” security measures, including administrative, technical and physical safeguards to assess risks from employees, computer networks and software. They would also have to have the means to detect, prevent and respond to attacks and protect the physical areas where information is stored. They would need independent third-party compliance audits and certifications annually.
- US High Court Declines Appeal, Upholds Coverage Ruling on Treated Wood
- Fake Bear Attacks on Car for Fraudulent Insurance Claims Lead to Arrests
- Allstate Thinking Outside the Cubicle With Flexible Workspaces
- Survey: Majority of P/C Insurance Decision makers Say Industry Will Be Powered by AI in Future