PRIORITY ISSUE: Privacy Issues


Breach of Security
• S. 3000-A in the Senate -- 04/12/2005 ADVANCED TO THIRD READING

• A. 5487-B in the Assembly - 03/22/2005 amend (t) and recommit to codes 03/22/2005 print number 5487b.

• S. 3492/A.4254-a
06/17/05 Passed Assembly
06/21/05 Passed Senate, Assembly Calendar
08/09/05 Signed by Governor, Chapter 442

• A. 5487-B in the Assembly - 03/30/2005 referred to consumer affairs and protection

S. 186 Balboni
A. 2682 Morelle
06/23/05 - Passed Senate / referred to Assembly Consumer Affairs and Protection

Social Security Numbers
S. 515 Nozzolio in the Senate 01/18/05 referred to consumer protection
A. 1613 Ortiz in the Assembly 01/21/05 referred to consumer affairs and

Privacy Issues - With the advent of new technologies and the Internet, issues have arisen which have driven the legislature to try to put quick fixes to often complex issues. The past couple of years have produced a deluge of bills that seek to remedy so called problems related to security, privacy, and Internet usage. We will oppose legislation that interferes with business to business commerce and treats all businesses the same as the lowest common denominator.

Breach of Security - In 2004 bills were introduced to address breach of security. We expect to see these bills or similar ones in 2005. The 2004 versions of the bills were designed to protect individual's personal data and while well intentioned, often resulted in dramatic governmental overreaching. Responsible businesses that maintain personal data would be punished if that business had its security breached, even if it was through no fault of its own. Private right of actions was allowed in both of the 2004 proposals. The bills required the notification of unauthorized acquisition of personal information and required that any business which owned or licensed computerized data, including vulnerable personal information, and then has its security breached or was thought to have had its security breached, notify every single customer. One of the bills requires disclosure to be made to any resident of New York whose information was reasonably believed to have been acquired by an unauthorized person. The fact that this legislation sought to force the business community to issue a notice to New Yorkers that their security may have been breached is incredibly burdensome. It is regulatory overkill to require businesses to issue a notice on the chance that it may have occurred. Responsible business that collect and store personal data have gone to great lengths and expense to protect this information and keep it secure. Hoping to correct and address identity theft, the legislation instead punishes legitimate electronic commerce.

The Council will work on breach of security measures so they address the problems they seek to correct.

Limitation on the Use of Social Security Numbers - A number of bills have been introduced this year intended to limit the use of social security numbers in order to combat identity theft and fraud. These bills are extremely broad and do not correct the problem they seek to correct.

Society has changed greatly since the inception of the social security number in 1936. The use of the social security number has become part of our everyday lives. It is used to check our credit, maintain our health records, and file our taxes. The social security number is also linked to the administration of government programs. Social security numbers are vital to ensuring that we are actually able to maintain our identity. For instance, if two people are applying for credit the credit company needs to be able to distinguish one person from the other.

The Federal Fair Access to Credit Transactions Act (FACT) was recently enacted in order to provide a balance regarding the use of social security numbers. FACT provides significant steps in identity theft prevention measures. As stated above, FACT should be given an opportunity to work and The Business Council will continue discussions to transition from social security numbers where appropriate.

The Business Council will not support any privacy policies which are broad and overly restrictive.

Spyware - Spyware has become a hot topic in many state legislatures with New York being no different. Legislation has been introduced by Assemblyman Morelle, A.2682, which deals with banning the dissemination of spyware.

Many of our members are concerned that this legislation:

The Business Council wants this issue dealt with at the federal level.