Legislation to change how the state’s IT office responds to data breaches is now up for consideration by Senate lawmakers. The bill (NY State Senate Bill S6834A) would alter how the state reacts to an electronic breach of private information, giving more responsibilities to New York’s Office of Information Technology Services in the wake of any state data breach. The bill states that should any “state entity” handling citizens’ private information discover that personal data becomes exposed to any unauthorized users, the legislation would task the IT office with delivering “a report on the scope of the breach and recommendations to restore and improve the security of the system to the state entity” within 90 days after the discovery of the breach.
Additionally, the bill requires that state IT staff “develop, update and provide regular training to all state entities relating to best practices for the prevention of a breach of the security of the system.”