Schneiderman's proposal comes days after President Obama detailed a similar plan to prompt federal legislation on cybersecurity.
N.Y. Proposal Details
Under current state law, New York limits its definition of "private information" to:
- Account numbers and passwords that "would permit access to an individual's financial account";
- Driver's license or non-driver ID numbers; and
- Social Security numbers.
Under the new proposal, companies would be required to report breaches of additional private information, including:
- Biometric data;
- Email addresses and passwords;
- Health insurance data; and
- Medical information
The proposal also would require all organizations that collect and store private information to implement adequate security measures.
In addition, the legislation would suggest that the state incentivize businesses to share forensic reports with law enforcement officials in the event of a data breach