Breach Notification Law

NYS Information Security Breach and Notification Act

The NYS Information Security Breach and Notification Act amends the State Technology Law (Section 208) and the General Business Law (Section 899-aa). Copies of these sections can be found by clicking the links below.

Section 208 of the State Technology Law pdf or doc
Section 899-aa of the General Business Law pdf or doc

State entities and persons or businesses conducting business in NY who own or license computerized data which includes private information must disclose any breach of the data to NY residents (State entities must also notify non-residents, see Information Security Policy P03-002 V3.4 Part 12) - pdf

When notification is necessary then the State entity or person or business conducting business in NY must also notify three (3) NYS offices: the NYS Attorney General (AG), the NYS Office of Cyber Security (OCS) and the Consumer Protection Board (CPB). Print the form (link below) and submit the same completed form to all three entities as outlined below.

• Frequently Asked Questions (FAQs)

NYS Information Security Breach and Notification Act Reporting form - pdf or doc

Please Submit This Form To All (3) State Agencies as follows:

Fax or E-mail this form to:

New York State Office of Cyber Security (OCS)
SECURITY BREACH NOTIFICATION
1220 Washington Avenue
State Office Campus
Building 7A, 4th Floor Albany, NY 12242
Fax: 518-322-4976
E-mail: OCS.Info@dhses.ny.gov

New York State Attorney General's Office:
SECURITY BREACH NOTIFICATION
Consumer Frauds & Protection Bureau
120 Broadway - 3rd Floor
New York, NY 10271
Fax: 212-416-6003
E-mail: breach.security@ag.ny.gov

New York State Department of State Division of Consumer Protection:
Attention: Director of the Division of Consumer Protection
SECURITY BREACH NOTIFICATION
99 Washington Avenue, Suite 650
Albany, NY 12231
fax: 518-473-9055
E-mail: security_breach_notification@dos.ny.gov