New York State Businesses Are Under Strict Data-Breach Notification Requirements.

Know the facts around notification-requirement laws to protect your business, and yourself as a business owner.  

Data breaches can often go unrecognized and be difficult to identify, making them one of the most challenging forms of theft for business owners to handle. Additionally, under the New York State Information Security Breach and Notification Act, there are specific requirements for notification in the event of a data breach.

It’s important that you fully understand these laws.  The NY State Attorney General may seek injunctive relief against any business entity for violating the law. If the court finds that you violated this article knowingly or recklessly, they may impose a civil penalty of the greater of $5,000 or up to $10 per instance of failed notification.  Plus, they may award damages to consumers for actual costs or losses incurred by a person entitled to notice, including consequential financial losses.

The Ongoing Challenge of Cybersecurity

Government and law enforcement personnel continue to focus on stopping cybercriminals, but the quantity and severity of data breaches are of ongoing concern to business leaders. To make matters worse, cybersecurity officials often find it difficult to sustain adequate hiring levels to combat cyber threats.

This effectively leaves an open playground for cybercriminals who know there aren’t enough law enforcement professionals to investigate even the largest claims. The complexity levels of individual threats can also be overwhelming, as local police struggle to get up to speed on the technical side of these investigations.

Limited Access to Security Professionals

With the heavy focus on security in the technology sector, you might expect there to be an abundance of professionals entering this field. However, nothing could be further from the truth. There’s a massive cybersecurity skills shortage that is negatively impacting organizations’ ability to prevent and detect critical attacks.

This disconnect tends to increase the workload on busy technology professionals, causing higher attrition rates and a lack of focus on critical long-term activities that provide durable support to network infrastructures. The few talented cybersecurity professionals who are available are unlikely to have time for additional skills development or strategic planning, simply due to their workloads.

IoT and Digital Transformation

Technology initiatives, such as Internet of Things (IoT) and digital transformation projects, continue to add complexity to a landscape that’s already riddled with intricacies.  Business leaders need to understand that it’s not simply the CIO who must be concerned about the ongoing cost of cybersecurity missteps, but line managers as well.

Understanding a digital strategy and its weak points is a critical piece of the cybersecurity puzzle. Unfortunately, it’s not just malicious external threats that security professionals must guard against – accidental insider threats are every bit as much of a problem. And when you add in complex technology configurations, the potential for disaster increases.

New Notification Laws

It’s an unfortunate fact that there are tens of thousands of data breaches occurring on an annual basis, and many of them result in the loss of personal or private information. This information, as defined by the New York State Information Security Breach and Notification Act, refers to data elements that are unencrypted and include any of the following:

  • Social Security numbers
  • Driver’s license or other government identification numbers
  • Credit or debit card numbers, account numbers, security codes, access codes or passwords that provide access to the financial accounts

A breach of the personal information in any digital system is identified as “unauthorized acquisition or acquisition without valid authorization of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by a business.”

New York State Notification Requirements

There are specific rules around notification in the event of a data breach.

Nearly every state in the U.S. has specific requirements for notification of affected individuals in the event of a data breach, and the New York state requirements are among the most stringent. Disclosure must be made in the most expedient method possible and without unreasonable delay (unless law enforcement personnel determine that notification will impede an active investigation).

When more than 5,000 New York state residents are impacted by a data breach, it’s important that you also notify all three major reporting agencies with details on the timing, content of the breach and an approximate number of individuals who were impacted. There are a variety of options to provide notice to people affected by a security incident:

  • Electronic notice, such as email, is acceptable, but only if the individual has previously opted in to receiving electronic notifications from your organization.
  • Written notice is the default choice for notification. However, if written notification is found by the NYS Attorney General to be cost-prohibitive, then email notices and conspicuous posting on your business website and a notification to major statewide media may be substituted for written notice.

If you don’t follow these notification rules, you’re risking a potential court injunction by the NYS Attorney General for losses incurred due to lack of notification. A civil penalty is also a serious possibility, especially if it is discovered that the business or individual who experienced the breach did not make an attempt to notify affected individuals in a timely manner.

Managing notifications and customer communications after a breach can be costly in terms of time, lost customers, and a lack of focus on key business initiatives. When you have a professional security team monitoring your account, you’re much less likely to experience this. Krantz Secure Technologies will work closely with business teams to determine the right level of IT support for your particular organization.

Contact us today at (212) 286-0325 or via email at for a free IT consultation and learn how our aggressive security measures can help protect your digital assets.
