Friday, August 12, 2005

New York Enacts Security Breach Law

New York has become the latest state to enact a security breach law.

The law (Assembly bill 4254) applies to the breach of unencrypted personal information or that was encrypted but for which the key has been acquired.

Any person or business which conducts business in New York State, and which owns or licenses computerized data which includes private information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the system to any RESIDENT of the state whose private information was or OR IS REASONABLY BELIEVED TO HAVE BEEN, acquired by a person without authoriztion.

"Personal information" means any information concerning a nautral person which, because of the name, number, personal mark, or other identifier can be used to identify a person.

"Private information" means account numbers, driver's license number, credit card numbers, passwords, SSN, and other sensitive information.

"Breach of the Security System" means unauthorized acquisition of computerized data which compromises the security, confidentiality, integrity, of personal information maintained by a business or state agency.

The law goes into effect in 4 months.

0 Comments:

Post a Comment

<< Home