Updates to New York’s Data Breach Law
If your business handles consumer data in New York, take note—big changes just went into effect that tighten the state’s breach notification requirements.
Gov. Kathy Hochul recently signed Senate Bill S2659B, which immediately updated New York’s General Business Law Section 899-aa. The key takeaway? You now have a strict 30-day deadline to notify individuals after discovering a breach.
Here’s what New York employers need to know:
What Changed?
📌 Stricter Notification Timeline
Previously, businesses had to notify affected individuals “in the most expedient time possible”—but without a firm deadline. Now, notification must be made within 30 days of discovering a breach.
📌 Fewer Exceptions
The law no longer allows delays for investigating the scope of the breach or restoring system integrity. However, delays to accommodate law enforcement are still permitted.
📌 Expanded State Agency Notifications
Previously, businesses had to notify the New York Attorney General, Department of State, and State Police. The new law adds the New York Department of Financial Services (NYDFS) to the list.
Why This Matters for Employers
🔹 Non-compliance risks penalties – Failing to meet the 30-day notification deadline could result in legal and financial consequences.
🔹 Multi-state compliance is complex – With 50 different state breach laws, businesses operating in multiple states must stay up to date on evolving regulations.
🔹 Incident response plans are crucial – If you don’t have a clear, documented plan for handling breaches, now’s the time to create or update one.
What Should Employers Do Now?
✅ Review your data breach response plan – Make sure your team is aware of the 30-day rule.
✅ Update notification protocols – Ensure compliance with New York’s agency notification requirements.
✅ Train your staff – Educate employees on cybersecurity best practices to prevent breaches before they happen.
Data breaches are stressful, but being prepared makes all the difference. That’s why we offer the HR MRI Assessment®—a deep dive into your company’s HR and compliance landscape. It uncovers hidden risks, regulatory gaps, and employee engagement challenges that could be costing you money (or putting your business at risk).
Stay compliant and get the most out of your workforce. Contact us to take our HR MRI Assessment® today and get a personalized report with actionable insights!