New York Legislature Approves Changes to Security Breach Law
The New York States Assembly and Senate have approved changes to their Security Breach law. Senate Bill 5827 has been sent to the Governor.
The bill defines "Breach of the security of the system" to mean:
"Unauthorized acquisition or acquisition without valid authorization of computerized data which compromises the security, confidentiality, or integrity of personal information maintained by a state entity. Good faith acquisition of personal information by an employee or agent of a state entity for the purposes of the agency is not a breach of the security of the system, provided that the private information is not used or subject to unauthorized disclosure."
The bill also states:
"IN DETERMINING WHETHER INFORMATION HAS BEEN ACQUIRED, OR IS REASONABLY BELIEVED TO HAVE BEEN ACQUIRED, BY AN UNAUTHORIZED PERSON OR A PERSON WITHOUT VALID AUTHORIZATION, SUCH STATE ENTITY MAY CONSIDER THE FOLLOWING FACTORS, AMONG OTHERS:
(1) INDICATIONS THAT THE INFORMATION IS IN THE PHYSICAL POSSESSION AND CONTROL OF AN UNAUTHORIZED PERSON, SUCH AS A LOST OR STOLEN COMPUTER OR OTHER DEVICE CONTAINING INFORMATION;
OR
(2) INDICATIONS THAT THE INFORMATION HAS BEEN DOWNLOADED OR COPIED;
OR
(3) INDICATIONS THAT THE INFORMATION WAS USED BY AN UNAUTHORIZED ERSON, SUCH AS FRAUDULENT ACCOUNTS OPENED OR INSTANCES OF IDENTITY THEFT REPORTED."
The bill defines "Breach of the security of the system" to mean:
"Unauthorized acquisition or acquisition without valid authorization of computerized data which compromises the security, confidentiality, or integrity of personal information maintained by a state entity. Good faith acquisition of personal information by an employee or agent of a state entity for the purposes of the agency is not a breach of the security of the system, provided that the private information is not used or subject to unauthorized disclosure."
The bill also states:
"IN DETERMINING WHETHER INFORMATION HAS BEEN ACQUIRED, OR IS REASONABLY BELIEVED TO HAVE BEEN ACQUIRED, BY AN UNAUTHORIZED PERSON OR A PERSON WITHOUT VALID AUTHORIZATION, SUCH STATE ENTITY MAY CONSIDER THE FOLLOWING FACTORS, AMONG OTHERS:
(1) INDICATIONS THAT THE INFORMATION IS IN THE PHYSICAL POSSESSION AND CONTROL OF AN UNAUTHORIZED PERSON, SUCH AS A LOST OR STOLEN COMPUTER OR OTHER DEVICE CONTAINING INFORMATION;
OR
(2) INDICATIONS THAT THE INFORMATION HAS BEEN DOWNLOADED OR COPIED;
OR
(3) INDICATIONS THAT THE INFORMATION WAS USED BY AN UNAUTHORIZED ERSON, SUCH AS FRAUDULENT ACCOUNTS OPENED OR INSTANCES OF IDENTITY THEFT REPORTED."
1 Comments:
Your blog contained issues relating to cyber identity theft which I found quite absorbing. I would argue that cyber identity theft matters are best left to the professionals in most cases.
Post a Comment
<< Home