ALBANY, N.Y. (1/29/15)--The New York Credit Union Association is closely following a proposed overhaul of the state's data security law that could hold companies to new standards in protecting consumers' personal data.
New York Attorney General Eric Schneiderman's proposal, to be released today would create new data security requirements for businesses and would expand the types of information covered by New York's data breach notification statute (Reuters Jan. 28).
The proposal seeks to expand the definition of what constitutes "private information" to include email addresses and passwords, biometric information and health insurance details.
Companies are currently not required to report a data breach if it is limited to the theft of email addresses and passwords.
"We are following the attorney general's efforts and will be reaching out to work with him and the state Legislature on the proposal once it is publicly unveiled," said Michael Lanotte, senior vice president/general counsel for NYCUA.
"Data security/breach is a state legislative agenda priority issue for us, and we are already educating lawmakers on the needed changes to current law to ensure adequate protections are in place and liability is fairly placed on the responsible party," he told News Now.
The proposal would also require companies that collect or store private information to take "reasonable security measures" to protect that information from unauthorized access.
Companies collecting or storing private information would be required to have:
The proposal will also offer businesses that employ stringent data-security measures some protection from liability in lawsuits if the businesses can show that they took steps to protect private information.
The Credit Union National Association, which compiled comprehensive data in the aftermath of the breach that revealed how great the impact was on credit unions nationwide, continues to press lawmakers on the issue of ratcheting up payment data security standards for merchants.
Merchants aren't held to the same strict standards that financial institutions must adhere to, yet the cost of these breaches are unfairly and disproportionately carried by financial institutions, according to CUNA's leaders.