S06806 Summary:

BILL NOS06806A
 
SAME ASNo Same As
 
SPONSORSAVINO
 
COSPNSR
 
MLTSPNSR
 
Add Art 4 §401, St Tech L
 
Prohibits governmental entities, business entities and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.
Go to top    

S06806 Actions:

BILL NOS06806A
 
05/18/2021REFERRED TO INTERNET AND TECHNOLOGY
06/03/2021AMEND AND RECOMMIT TO INTERNET AND TECHNOLOGY
06/03/2021PRINT NUMBER 6806A
01/05/2022REFERRED TO INTERNET AND TECHNOLOGY
02/01/2022REPORTED AND COMMITTED TO VETERANS, HOMELAND SECURITY AND MILITARY AFFAIRS
Go to top

S06806 Committee Votes:

Go to top

S06806 Floor Votes:

There are no votes for this bill in this legislative session.
Go to top

S06806 Text:



 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                         6806--A
 
                               2021-2022 Regular Sessions
 
                    IN SENATE
 
                                      May 18, 2021
                                       ___________
 
        Introduced  by  Sen.  SAVINO -- read twice and ordered printed, and when
          printed to be committed to the Committee on Internet and Technology --
          committee discharged, bill amended, ordered reprinted as  amended  and
          recommitted to said committee
 
        AN  ACT to amend the state technology law, in relation to the payment of
          ransom in the event of a cyber incident or a cyber ransom  or  ransom-
          ware attack
 
          The  People of the State of New York, represented in Senate and Assem-
        bly, do enact as follows:
 
     1    Section 1. The state technology law is amended by adding a new article
     2  4 to read as follows:
     3                                  ARTICLE IV
     4                          CYBER SECURITY INCIDENTS
 
     5  Section 401. Payment of ransom; cyber incident, cyber ransom or  ransom-
     6                 ware.
 
     7    §  401. Payment of ransom; cyber incident, cyber ransom or ransomware.
     8  1. For the purpose of this section:
     9    a. "Cyber incident" means the compromise of  the  security,  confiden-
    10  tiality,  or  integrity  of  computerized  data due to the exfiltration,
    11  modification, or deletion that results in the  unauthorized  acquisition
    12  of  and access to information maintained by a governmental entity, busi-
    13  ness entity, or health care entity.
    14    b. "Cyber ransom or ransomware" means a type of malware that  encrypts
    15  or  locks  valuable  digital  files  and demands a ransom to release the
    16  files.
    17    c. "Governmental entity" shall mean any state, city, town  or  village
    18  or  local  department,  board,  bureau, division, commission, committee,
    19  school district, public authority, public benefit  corporation,  council
    20  or office, including all entities defined pursuant to section two of the
 
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD11518-02-1

        S. 6806--A                          2
 
     1  public  authorities law. Such term shall include the state university of
     2  New York and the city university of New York as well as the state legis-
     3  lature, the judiciary or state and local legislatures.
     4    d.  "Business  entity" shall mean any legal entity that conducts busi-
     5  ness in the state of New York.
     6    e. "Health care entity" shall  mean  hospitals,  nursing  homes,  home
     7  care,  hospice  and  any  other  health care facilities regulated by the
     8  department of health.
     9    2. No governmental entity, business entity or health care entity with-
    10  in the state shall pay, or have another  entity  pay  on  their  behalf,
    11  ransom  in the event of a cyber incident or a cyber ransom or ransomware
    12  attack.
    13    3. All governmental entities shall  report  any  cyber  incidents  and
    14  cyber  ransom  or  ransomware  attacks to the New York state division of
    15  homeland security and emergency services.
    16    4. Any business entity that violates the provisions  of  this  section
    17  shall  be  subject  to  a  civil  penalty  of up to ten thousand dollars
    18  assessed by the attorney general.
    19    § 2. This act shall take effect immediately.
Go to top