Loading chat...

NY S08169

Bill

Official Source

Status

Engrossed

6/10/2025

Primary Sponsor

Siela Bynoe

Click for details

Origin

Senate

2025-2026 General Assembly

AI Summary

  • Expands the definition of "data breach" to include "unauthorized utilization" of computerized data, in addition to unauthorized acquisition

  • Broadens the definition of "state entity" to explicitly include all cities, counties, municipalities, villages, towns, and other local agencies, not just state-level entities

  • Adds a new definition for "cybersecurity incident" covering events that jeopardize the integrity, confidentiality, or availability of computers, information systems, networks, or virtual infrastructure

  • Requires state entities that own, license, or maintain computerized data with private information to disclose breaches to affected New York residents and consult with the Office of Information Technology Services to determine breach scope

  • Mandates the Office of Information Technology Services deliver a report on breach scope and security improvement recommendations within 90 days of breach notice

  • Takes effect 90 days after becoming law

Legislative Description

Requires all state entities, including local governments, to notify affected individuals in the event of a data breach where information is compromised; defines "cybersecurity incident".

Last Action

REFERRED TO INTERNET AND TECHNOLOGY

1/7/2026

Committee Referrals

Internet and Technology1/7/2026
Governmental Operations6/10/2025
Rules6/4/2025
Finance5/29/2025
Internet and Technology5/16/2025

Full Bill Text

No bill text available