Governor Cuomo Announces Proposal to Safeguard Data Security Rights as Part of the 2021 State of the State
Governor Andrew M. Cuomo today announced a comprehensive law that will provide New Yorkers with transparency and control over their personal data and provide new privacy protections as part of the 2021 State of the State. This law will mandate that companies that collect information on large numbers of New Yorkers disclose the purposes of any data collection and collect only data needed for those purposes. Governor Cuomo will also establish a Consumer Data Privacy Bill of Rights guaranteeing every New Yorker the right to access, control, and erase the data collected from them; the right to nondiscrimination from providers for exercising these rights; and the right to equal access to services.
"New Yorkers appreciate the value and convenience that technology has afforded their lives, but progress does not need to come at the expense of basic privacy," Governor Cuomo said. "In a world where we are reliant on technology to work, learn, and even see our family, New Yorkers deserve transparency and accountability from the companies who collect and use their information. New York will act to pass a strong privacy law that safeguards New Yorker's personal information and continues to encourage innovation."
The proposal also expressly protects sensitive categories of information including health, biometric and location data and creates strong enforcement mechanisms to hold covered entities accountable for the illegal use of consumer data. New York State will work with other states to ensure competition and innovation in the digital marketplace by promoting coordination and consistency among their regulatory policies.
This nation-leading law builds on Governor Cuomo's previous efforts to protect New Yorkers' privacy. In 2019, Governor Cuomo safeguarded the data security rights of New Yorkers by signing the Stop Hacks and Improve Electronic Data Security Act, which increased consumer protections and helps hold businesses accountable for mishandled data. In 2017, New York established first-in-the-nation cybersecurity regulations, which required banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers' private data and ensure the safety and soundness of New York's financial services industry.