Data Security Legislation Proposed by New York Attorney General

New York Attorney General Eric Schneiderman announced on January 15 that he intends to propose legislation to rewrite the state’s data security law, in light of the many data breaches at various companies over the past year. Among the provisions in the proposed legislation are an expansion of the definition of “private information” to include email and password combinations, medical information, and health insurance information and new security requirements for companies to follow to both protect consumer data and in the event of a data breach or unauthorized disclosure of data. The bill also would set up a “safe harbor” from liability for companies that adopt a heightened form of security.  

The Attorney General’s office consulted widely with the business community on the legislation. More information about the Attorney General’s proposal can be found here.