New York State Assembly

Bill No.:  

 
•  Summary 
 
•  Actions 
 
•  Committee Votes 
 
•  Floor Votes 
 
•  Memo 
 
•  Text 
 
•  LFIN 
 
•  Chamber Video/Transcript 

---

A02868 Summary:

BILL NO	A02868
SAME AS	SAME AS S06701
SPONSOR	Fahy
COSPNSR
MLTSPNSR
Amd §899-aa, Gen Bus L
Provides that if the person or business providing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, shall be provided at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed personal information.

Go to top    

---

A02868 Actions:

BILL NO	A02868
01/28/2019	referred to consumer affairs and protection
01/08/2020	referred to consumer affairs and protection

Go to top

---

A02868 Committee Votes:

Go to top

---

A02868 Floor Votes:

Go to top

---

A02868 Text:

 
                STATE OF NEW YORK
        ________________________________________________________________________
 
                                          2868
 
                               2019-2020 Regular Sessions
 
                   IN ASSEMBLY
 
                                    January 28, 2019
                                       ___________
 
        Introduced  by  M. of A. FAHY -- read once and referred to the Committee
          on Consumer Affairs and Protection
 
        AN ACT to amend the general business law, in relation to credit monitor-
          ing services
 
          The People of the State of New York, represented in Senate and  Assem-
        bly, do enact as follows:

     1    Section  1.  Subdivision  7  of section 899-aa of the general business
     2  law, as added by chapter 442 of the laws of 2005, is amended to read  as
     3  follows:
     4    7.  Regardless  of the method by which notice is provided, such notice
     5  shall include contact information for the person or business making  the
     6  notification  and  a  description  of the categories of information that
     7  were, or are reasonably believed to have  been,  acquired  by  a  person
     8  without  valid  authorization,  including  specification of which of the
     9  elements of personal information and private information  were,  or  are
    10  reasonably  believed  to have been, so acquired.  If the person or busi-
    11  ness providing the notification was the source of the breach,  an  offer
    12  to   provide   appropriate  identity  theft  prevention  and  mitigation
    13  services, shall be provided at no cost to the affected  person  for  not
    14  less  than  twelve  months, along with all information necessary to take
    15  advantage of the offer to any person whose information was or  may  have
    16  been  breached if the breach exposed or may have exposed personal infor-
    17  mation as defined in subdivision one of this section.
    18    § 2. This act shall take effect immediately.
 
 
 
         EXPLANATION--Matter in italics (underscored) is new; matter in brackets
                              [ ] is old law to be omitted.
                                                                   LBD02293-01-9

Go to top