Bill > S03078

This bill amends the New York General Business Law to enhance protections for individuals whose personal information may have been compromised in a data breach. Specifically, if the entity responsible for the data breach was the source of the breach, they must now offer free identity theft prevention and mitigation services to affected individuals for a minimum of 12 months. The bill requires that along with the notification of a potential breach, the organization must provide comprehensive contact information, including relevant state and federal agency resources for security breach response and identity theft prevention. The notification must also describe the categories of information potentially accessed without authorization, specifying which elements of personal or private information were compromised. This legislative change aims to provide more robust support and protection for individuals whose sensitive information may have been exposed, ensuring they have immediate access to tools and services to help prevent potential identity theft or misuse of their personal data.

Business and Industry

https://www.nysenate.gov/legislation/bills/2025/S3078