Ask Reggi Your Question Now
Can you summarize NYCL STT Article 2?
State Technology > Internet Security and Privacy Act
Short Summary
The Internet Security and Privacy Act is a legal document that governs the notification of data breaches and the protection of private information in the state of New York. It applies to state entities that own or license computerized data containing private information and requires them to disclose any breach of the security system to affected residents of New York state. The document defines ‘private information’ as personal information combined with specific data elements such as social security numbers, driver’s license numbers, account numbers, credit or debit card numbers, and biometric information. It establishes the obligation to provide timely notification, contact information, relevant agency details, and a description of the accessed or acquired information. The document also emphasizes the importance of training state entities on best practices for preventing security breaches. Additionally, it requires covered entities to notify the state attorney general of breaches under the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act. The document also pertains to the adoption of rules and regulations for state agencies in New York that maintain state agency websites. It requires the adoption of a model internet privacy policy by each state agency, which must include specific elements such as information collection, disclosure circumstances, retention period, user access procedures, means of information collection, voluntariness of providing information, and steps taken to protect information confidentiality and integrity. State agencies are also required to post their internet privacy policy on their websites with a conspicuous and direct link. The document defines various terms such as ‘collect’, ‘disclose’, ‘internet’, ‘office’, ‘personal information’, ‘state agency’, ‘state agency website’, and ‘user’. It also outlines the obligations of the office in the event of a breach of the security of the system or a breach of network security. The office is required to notify relevant state entities and provide a plan for remediation and future protection of the data and network. No specific penalties or exemptions are mentioned in this document.
Whom does it apply to?
State entities that own or license computerized data containing private information, affected residents of New York state
What does it govern?
Notification of data breaches and protection of private information
What are exemptions?
No exemptions are mentioned.
What are the Penalties?
No specific penalties are mentioned.
Jurisdiction
New York