Home

Legislative Memo

BILL:

A.5487(Brodsky)

Support

SUBJECT:

Disclosure of a breach of security by any business that owns or maintains data

 

DATE:

March 7, 2005

 

SUMMARY: This legislation requires that any business or entity that collects and stores an individual''s personal information, and then has its security breached, to disclose that breach of security to their customers within five days. The bill also establishes a private right of action to any individual that learns that their personal information has been compromised. The Business Council of New York State, Inc. is opposed to this legislation.

PERSONAL DATA: This bill does not tackle the real issue in question. The bill is designed to protect an individual's personal data. What the bill actually does is punish those businesses that maintain personal data if their security is breached, through no fault of their own. Businesses that collect and store personal data have gone to great lengths and expense to protect this information and keep it secure.

PENALTIES: If a business' security is breached, through no fault of its own, the business is forced to pay a penalty. The legislation calls for a penalty of $500 for each instance where it fails to notify the consumers if security measures are breached. The business may not even be aware that their security has been breached.

The bill further allows for a private right of actions for any individual who believes that they have been “injured by reason of any violation of this article.”

FEDERAL LEGISLATION: The federal government recently passed legislation allowing consumers to request a free copy of their credit report on an annual basis. That law has just gone into effect and should be given an opportunity to work.

CONCLUSION: The goal of this legislation is laudable. However, this bill punishes companies and businesses attempting to protect their clients - the consumers. The punitive measures, under this legislation, are focused on the wrong party. Rather than attempting to correct and address identity theft and other similar crimes - this legislation punishes the very companies attempting to help and aid consumers. For the above stated reasons, The Business Council opposes this legislation and recommends it not be adopted.