SOTS proposal to safeguard data security rights

Gov. Andrew Cuomo on Friday announced what his team called, “a comprehensive law that will provide New Yorkers with transparency and control over their personal data and provide new privacy protections,” as part of the 2021 State of the State. This law will mandate companies that collect information on large numbers of New Yorkers disclose the purposes of any data collection and collect only data needed for those purposes. 

Cuomo will also establish a consumer data privacy bill of rights guaranteeing every New Yorker the right to access, control and erase the data collected from them; the right to nondiscrimination from providers for exercising these rights; and the right to equal access to services.

"New Yorkers appreciate the value and convenience that technology has afforded their lives, but progress does not need to come at the expense of basic privacy," Cuomo said. "In a world where we are reliant on technology to work, learn and even see our family, New Yorkers deserve transparency and accountability from the companies who collect and use their information. New York will act to pass a strong privacy law that safeguards New Yorker's personal information and continues to encourage innovation."

The press release noted, “The proposal also expressly protects sensitive categories of information including health, biometric and location data and creates strong enforcement mechanisms to hold covered entities accountable for the illegal use of consumer data. New York state will work with other states to ensure competition and innovation in the digital marketplace by promoting coordination and consistency among their regulatory policies.”

This law builds on Cuomo's previous efforts to protect New Yorkers' privacy. In 2019, he “safeguarded the data security rights of New Yorkers” by signing the Stop Hacks and Improve Electronic Data Security Act, which increased consumer protections and helps hold businesses accountable for mishandled data. In 2017, New York established first-in-the-nation cybersecurity regulations, which required banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers' private data and ensure the safety and soundness of New York's financial services industry.