On December 21, 2024, A8872-A and S2659-B were signed into law by Governor Hochul, amending New York’s data breach notification law. The bills, where are identical, went into effect immediately.
The amendments create the following requirements:
- Residents must be notified of a breach within 30 days of discovery, subject to the needs of law enforcement. Previously, notice was required only in “the most expedient time possible and without unreasonable delay.”
- In addition to the existing requirement to provide notice of a breach to the Attorney General, Department of State, and Division of State Police, it must also be provided to the Department of Financial Services.
For a chart comparing the state comprehensive data privacy laws, visit RMAI’s Privacy and Data Security Resource Center (login required).
RMAI strongly recommends that its members share this Member Alert with those in their organization who are responsible for their operations, compliance, and legal matters.
This Member Alert is intended for members of the Receivables Management Association International, is for informational purposes only, and is in no way intended to provide legal advice. Members are encouraged to consult with an attorney of their choice for legal advice concerning this matter.