There is a newer version of the New York Consolidated Laws
2022
2021
2020
2019
2018
Other previous versions
View our newest version here

2006 New York Code - Agency Disclosure Of A Security Breach



 
    § 10-502  Agency  disclosure  of a security breach  a. Any city agency
  that owns or leases data that includes personal identifying  information
  and  any  city agency that maintains but does not own data that includes
  personal identifying information,  shall  immediately  disclose  to  the
  police  department  any  breach  of  security  following  discovery by a
  supervisor or manager, or following  notification  to  a  supervisor  or
  manager, of such breach if such personal identifying information was, or
  is reasonably believed to have been, acquired by an unauthorized person.
    b.   Subsequent  to  compliance  with  the  provisions  set  forth  in
  subdivision a of this section, any city agency that owns or leases  data
  that  includes  personal  identifying  information  shall  disclose,  in
  accordance with the procedures  set  forth  in  subdivision  d  of  this
  section,  any  breach of security following discovery by a supervisor or
  manager, or following notification to a supervisor or manager,  of  such
  breach  to  any person whose personal identifying information was, or is
  reasonably believed to have been, acquired by an unauthorized person.
    c.  Subsequent  to  compliance  with  the  provisions  set  forth   in
  subdivision  a  of this section, any city agency that maintains but does
  not own  data  that  includes  personal  identifying  information  shall
  disclose,  in  accordance with the procedures set forth in subdivision d
  of this section,  any  breach  of  security  following  discovery  by  a
  supervisor  or  manager,  or  following  notification to a supervisor or
  manager, of such breach to the owner, lessor or licensor of the data  if
  the  personal  identifying information was, or is reasonably believed to
  have been, acquired by an unauthorized person.
    d. The disclosures required by subdivisions b and c  of  this  section
  shall  be  made  as soon as practicable by a method reasonable under the
  circumstances.  Provided  said  method  is  not  inconsistent  with  the
  legitimate  needs  of  law  enforcement  or  any  other investigative or
  protective measures necessary to restore the reasonable integrity of the
  data system, disclosure shall be made by at least one of  the  following
  means:
    1.  Written notice to the individual at his or her last known address;
  or
    2. Verbal notification to the individual by telephonic  communication;
  or
    3.  Electronic notification to the individual at his or her last known
  e-mail address.
    e. Should disclosure pursuant  to  paragraph  one,  two  or  three  of
  subdivision  d be impracticable or inappropriate given the circumstances
  of the breach and the identity of the victim, such disclosure  shall  be
  made by a mechanism of the agency's election, provided such mechanism is
  reasonably  targeted to the individual in a manner that does not further
  compromise the integrity of the personal information.

Disclaimer: These codes may not be the most recent version. New York may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.