What is the New York Data Privacy Act?
New York’s Data Privacy Act has not yet been passed into law, but should it get approved, it would become the nation’s most sweeping and intensive protection of consumer data privacy rights.
Proposed in Senate Bill S6701 and the companion Assembly Bill A680A, NY’s Data Privacy Act proposes to help New York citizens control their personal data and privacy rights by requiring companies to:
Many experts agree that the current form of the NY Privacy Act includes broader data and personal privacy protection rules than the existing CCPA and CPRA laws recently introduced by the state of California.
Who Will Need to Comply with the NY Data Privacy Act?
The NY Data Privacy Act will apply to any organization that meets or exceeds the following thresholds:
The law allows exemptions for state and local government organizations, and for personal data that is already regulated by HIPAA, HITECH, FERPA, DPPA, GLBA, as well as any “data sets maintained for employment records purposes or for purposes other than sale.”
There are also exemptions for types of personal data, including:
How Does the NY Privacy Act Differ from Other Data Privacy Laws?
The biggest difference between the NY Privacy Act and other recently introduced privacy laws is that the NY act goes much further in regulating organizations’ ability to process, store, and utilize personal data.
The single biggest and most important difference is the requirement that an organization must receive opt-in consent from consumers before utilizing their data for any purpose.
None of the current personal privacy laws proposed elsewhere require up-front opt-in consent, so this is a major deviation from the status quo.
Other significant differences between the NY Privacy Act and similar data privacy laws include requiring organizations to:
This law goes much further than other similar legislation covering data privacy protections.
Accordingly, should the law be passed, it may require significant work to ensure that any organization trading in personal data is able to abide by the new restrictions and regulations.
What are the NY Privacy Act Penalties for Failure to Comply?
Violations can result in civil penalties, with fines of up to $15,000 per violation.
Under the written guidelines, penalties will be determined based on the nature, severity, duration, willfulness, and persistence of the misconduct.
Violations are counted per consumer, so it’s quite easy for any organization, especially one that trades in large volumes of data, to rack up expensive penalties should it fail to comply with the new regulations.
When Does the NY Privacy Act Go into Effect?
To be clear, this law has not yet been passed, and there’s no telling exactly when it could officially become law.
The NY Privacy Act will not go into effect until it is first passed by the NY Senate, and then signed into law by the Governor of New York.
How Can I Ensure That My Organization is In Compliance?
While the NY Privacy Act enters unprecedented territory by imposing far more stringent legal restrictions than any other current data privacy protection legislation, there are solutions available for ensuring compliance.
To ensure that your organization operates in compliance with the NY Data Privacy Act, we suggest:
In the wake of other recent data privacy laws like GDPR and CCPA, MatrixPoint has developed a process that will ensure your organization is in compliance with all of the complex data privacy protections included in the NY Privacy Act.
Contact MatrixPoint for Assistance
For assistance in figuring out how to respond to the passing of the NY Data Privacy Act, schedule a free consultation with MatrixPoint.
Call us at 800-683-6983, or simply fill out our contact form.