state_legiscan_drain · NY
Requires all state entities, including local governments, to notify affected individuals in the event of a data breach where information is compromised; defines "cybersecurity incident".
May 16, 2025
Summary
If enacted, this bill would require all state entities, including local governments, lenders, banks, and other regulated entities, to notify affected individuals in the event of a data breach where personal information is compromised. It also formally defines a "cybersecurity incident," establishing clear triggers for notification obligations. Compliance officers must update incident response plans and notification procedures to align with these statutory requirements.
Source: https://www.nysenate.gov/legislation/bills/2025/S8169
Common questions
- What does "Requires all state entities, including local governments, to notify affected individuals in the event of a data breach where information is compromised; defines "cybersecurity incident"." cover?
- If enacted, this bill would require all state entities, including local governments, lenders, banks, and other regulated entities, to notify affected…
- When was it published?
- It was published on May 16, 2025.
Related updates
- Lakeview Loan Servicing, LLC, Pingora Loan Servicing, LLC, Community Loan Servicing, LLC, and Bayview Asset Management, LLC Multistate Settlement Agreement and Consent Order issued by the Division of Banking
- Ultralight FS,. Inc., formerly known as Obopay, Inc., also doing business as Obopay USA
- Updated Nonbank Ransomware Self-Assessment Tool (R-SAT)
- Two Ocean No-Action Letter: Digital Asset Custody & Qualified Custodian Status
- Pionex, Inc. Consent Order issued by the Division of Banking
- ACI Payments, Inc. Settlement Agreement and Consent Order issued by the Division of Banking