Government and Data Privacy Law in New York State

Government and Data Privacy Law in New York State

N.Y. State Tech. Law § 201 to 207 is an internet security and data privacy law that was enacted in New York State in 2019. N.Y. State Tech. Law § 201 to 207 sets forth the steps and measures that state agencies within New York State must follow when collecting personal information from citizens across the state. Furthermore, the law also establishes the privacy regulations that state agencies must adopt in order to ensure that the personal information of New York State residents is protected from unauthorized access, use, modification, destruction, and disclosure. Such regulations include technological and privacy requirements, among other things.

How is a state agency defined under the law?

Under N.Y. State Tech. Law § 201 to 207, a state agency is defined as “any department, board, bureau, commission, division, office, council, committee or officer of the state. Such term shall not include the legislature or judiciary.” Alternatively, the law defines technology as “a good, service, or good and service that results in a digital, electronic or similar technical method of achieving a practical purpose or in improvements in productivity, including but not limited to information management, equipment, software, operating systems, interface systems, interconnected systems, telecommunications, data management, networks, and network management, consulting, supplies, facilities, maintenance, and training.”

What are the duties of state agencies under the law?

N.Y. State Tech. Law § 201 to 207 mandates that state agencies develop and implement a privacy policy that will ensure that the personally identifiable information of residents within New York State remains secure and confidential at all times. Such privacy policies must contain the following elements:

What categories of personal data are protected by the law?

The categories of personal data pertaining to citizens within New York State that are legally protected from unauthorized disclosure under the provisions of N.Y. State Tech. Law § 201 to 207 include but are not limited to the following:

Data breach notifications

In addition to personal privacy protections and regulations, the provisions of N.Y. State Tech. Law § 201 to 207 also mandates that state agencies provide data breach notifications to all applicable parties in instances where such an event occurs. These notifications must be made in the most expedient manner possible and without unreasonable delay. Additionally, state agencies are also required to provide affected parties with information concerning the scope and severity of the breach, the data elements that were disclosed as a result of the breach, and any measures the agency is taking to remedy the breach, among other pertinent provisions.

As it pertains to protecting the personal data that New York State residents submit to government agencies, N.Y. State Tech. Law § 201 to 207 ensures that this information does not fall into the wrong hands. Through the sections of the law, state agencies have a number of duties with respect to safeguarding the personally identifiable information that they collect, manage, and disclose. As such, citizens within New York State can have the peace of mind that their local government agencies are doing everything possible to protect their personal data and privacy.

Related Reads