The New York State Data Breach Notification Law requires business to report data breaches to the Department of State, the New York State Division of State Police and the Office of the Attorney General. Businesses can reduce their potential legal liability and maintain customer goodwill and trust by taking information privacy and security issues seriously. Thus, the Division provides resources for businesses about data breaches, information privacy, identity theft risks, and Internet security.
Report a data security breach to the required New York State Agencies
The NYS Information Security Breach and Notification Act amends the State Technology Law (Section 208) and the General Business Law (Section 899-aa).
PDF version of reporting form
Word version of reporting form
Business compliance tips and guidance
New York State law requires businesses and other entities to notify consumers in the event of a data security breach so that affected consumers can take appropriate action to protect themselves against the threat of identity theft.
Stay Safe Online
Data Privacy Resources for Businesses from the National Cyber Security Safety Alliance.
Last Modified: July 28, 2014