skip banner navigation new york state banner - this will open a new window  
CPB Home Press Releases Consumer Links
Contact: Deborah Sturm Rausch (518) 473-9472 For Immediate Release: March 10, 2008

The NYS Consumer Protection Board and NYS Office of Cyber Security and Critical Infrastructure Provide Insight on Proposed Expansion of New York’s Security Breach Law


Data security breaches have left more than 100 million Americans at risk for identity theft, according to a December 20, 2006 report by Privacy Rights Clearinghouse, a nonprofit organization that monitors security breaches. Against that backdrop, the New York State Consumer Protection Board (CPB) and the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC) collaborated on and proposed legislation to amend the New York State Information Security Breach and Notification Act of December 2005, to clarify the applicability of the law and to improve compliance, reporting and the content of the notice provided to affected consumers. An explanation of the law and the need for these amendments were discussed at the first Information Privacy Breakfast, sponsored by the CPB and the College of Nanoscale Science and Engineering (CNSE) in association with the CSCIC.

“No one is immune from a data breach,” said Mindy A. Bockstein, Chairperson and Executive Director of the CPB. “Data security is making headlines nearly every day. The heightened level of vulnerability and exposure created by the compilation of large electronic databases necessitates a greater level of risk sensitivity. The law applies to public and private entities, and the proposed changes in the law will assure better notice about security breaches will be forthcoming for consumers. Enhanced disclosure of a data leaks will go a long way toward building customer trust and minimizing risk.”

“The protection of personal information is an increasingly important challenge as the volume of information maintained electronically continues to grow,” said William F. Pelgrin, Director of the New York State Office of Cyber Security and Critical Infrastructure Coordination. “By raising awareness about the risks, and working collaboratively with both the public and private sectors, we can enhance the protection of citizens’ information.”

The Information Privacy Breakfast Series, entitled “The Implications of a Security Breach: A Consumer’s Perspective,” began last week at the CNSE at Albany, Albany NanoTech Complex.

“The UAlbany NanoCollege is pleased to have had the opportunity to co-host the New York State Consumer Protection Board’s inaugural Leadership Breakfast,” said Dr. Alain E. Kaloyeros, Vice President and Chief Administrative Officer of CNSE. “We applaud the CPB for its effective leadership in ensuring the well-being of the citizens of New York, including providing a forum for discussion of important issues such as information privacy, which is becoming increasingly critical in the global economy of the 21st century.”

The CPB’s experience shows that consumers reacting to security breaches are not aware of the type and amount of personal information that is maintained about them by various entities. In August of 2007, Monster.com, an online recruitment site, discovered that hackers had broken into its password-protected resume database. As a result of this breach, the names, addresses, phone numbers and e-mail addresses of 1.3 million job seekers were stolen, leaving these individuals vulnerable to identity theft.

In response to the 2005 ChoicePoint breach that exposed personal records of more than 160,000 individuals to the public, then Attorney General, now Governor, Eliot Spitzer spearheaded security breach legislation in New York State that became law. Current statutory provisions place obligations on both State and local government entities and private businesses in New York to provide notification when a security breach occurs so that affected consumers can take appropriate action to protect themselves from the threat of identity theft.

The proposed new law will expand the application of the current requirements to entities maintaining computerized data that is not owned by them. Consumers will also be more likely to receive effective notification of a breach. They will receive information on how to mitigate the risks of the breach. The CPB, CSCIC and the Office of the Attorney General have streamlined the process by which entities file breach notifications with the State, enabling them to file them electronically and making it less burdensome.

Data security is a key issue for the CPB. Thus, in the past year, great emphasis has been placed on identity theft, Internet security, privacy and security breaches. The CPB has dedicated resources about these and additional issues on its website, www.nysconsumer.gov, for consumers and businesses. Consumers are urged to visit the CPB’s website to file complaints or to access important information. The CSCIC, which coordinates the State’s efforts regarding cyber security readiness and response, also has a variety of information available on its website for consumers about Internet safety and the protection of personal information.

“We must remain vigilant in understanding the risks and knowing what steps can be taken to mitigate those risks,” said Pelgrin. “You may visit the CSCIC website at www.cscic.state.ny.us.”

The CPB, established in 1970 by the New York State Legislature, is the State's top consumer watchdog and think tank. The CPB's core mission is to protect New Yorkers by publicizing unscrupulous and questionable business practices and product recalls; conducting investigations and hearings; enforcing the “Do Not Call Law”; researching issues; developing legislation; creating consumer education programs and materials; responding to individual marketplace complaints by securing voluntary agreements; and, representing the interests of consumers before the Public Service Commission and other State and federal agencies.

To file a consumer complaint with the NYS Consumer Protection Board (CPB), call our toll-free hotline at 800-697-1220 or visit CPB’s website at www.nysconsumer.gov. In addition to the online complaint form, the website is home to important consumer safety information. To join the CPB’s Do Not Call Reminder list, send an e-mail to CPB's Do Not Call Reminder list