Loading chat...
NY A06769
Bill
Status
3/24/2025
Primary Sponsor
D. Billy Jones
Click for details
AI Summary
-
Requires all municipal corporations and public authorities to report cybersecurity incidents to the Division of Homeland Security and Emergency Services within 72 hours of discovering the incident
-
Mandates notification of ransom payments within 24 hours, followed by a written explanation within 30 days detailing the payment amount, reasons for payment, alternatives considered, and compliance with federal regulations including Treasury Department rules
-
Exempts cybersecurity incident reports, ransom payment records, and related assessments from public disclosure under the Freedom of Information Law
-
Requires annual cybersecurity awareness training beginning January 1, 2026 for all state employees who use technology; local government employees must also complete training but may use alternative programs instead of the state-provided option
-
Directs state agencies to create information system inventories within 2 years and develop incident response plans within 18 months, with mandatory annual testing of those plans beginning January 1, 2028
Legislative Description
Requires all municipal corporations to report cybersecurity incidents and demands of ransom payments to the division of homeland security and emergency services; defines terms; requires cybersecurity incident reviews; requires cybersecurity awareness training, cybersecurity protection and data protection standards for state maintained information systems.
Last Action
substituted by s7672a
5/19/2025