Ask Reggi Your Question Now
Can you summarize NYCL GBS 899-AA?
Notification of Unauthorized Acquisition of Private Information; Data Security Protections > Notification; person without valid authorization has acquired private information
Short Summary
This legal document governs the notification of unauthorized acquisition of private information and data security protections. It applies to any person or business that owns or licenses computerized data containing private information. Private information includes personal information and specific data elements such as social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, and biometric information. The document requires the disclosure of any breach of the security of the system to affected residents of New York state in a timely manner. However, notification is not required for inadvertent disclosures by authorized persons if it is determined that there will likely be no misuse or harm. The document also outlines the methods of notification, including written notice, electronic notice, telephone notification, or substitute notice. Failure to comply with the notification requirements may result in civil penalties. The document also provides provisions for notifying relevant state and federal agencies, as well as consumer reporting agencies, in certain circumstances.
Whom does it apply to?
Any person or business which owns or licenses computerized data which includes private information
What does it govern?
Notification of Unauthorized Acquisition of Private Information; Data Security Protections
What are exemptions?
Exposure of private information due to inadvertent disclosure by authorized persons, if it is determined that such exposure will not likely result in misuse or harm
What are the Penalties?
Civil penalty of the greater of $5,000 or up to $20 per instance of failed notification, not exceeding $250,000
Jurisdiction
New York