Bill > A01157

This bill amends the New York General Business Law to shorten the timeline for disclosing data breaches from thirty days to five days. Specifically, the bill requires any person or business that owns or licenses computerized data containing private information to disclose a security breach within five days of discovering or being notified about the breach. The disclosure must be made to any New York state resident whose private information was, or is reasonably believed to have been, accessed without authorization. The previous version of the law allowed up to thirty days for notification, with exceptions for law enforcement needs. By reducing the disclosure window to five days, the bill aims to provide faster notification to potentially affected individuals, giving them earlier opportunities to protect themselves from potential identity theft or other misuse of their private information. The change reflects a growing emphasis on rapid transparency and consumer protection in data security incidents.

Business and Industry

https://www.nysenate.gov/legislation/bills/2025/A1157