These days, news of the latest data breach - whether involving a local “mom and pop” store or a national retailer - is constantly breaking. If it seems like breaches are becoming more and more common, it’s because they are. Much more, as it turns out.
Last week, Attorney General Eric T. Schneiderman announced that, as of May 2016, his office had seen a 40% increase in data breach notifications involving New York residents as compared to the same time period in 2015. He expects that this pace will continue, and that over 1,000 notices will be received by the end of this year. This will be a new record.
Any entity doing business in New York suffering a data breach involving a New York resident must report the breach to the Office of the Attorney General under N.Y. Gen. Bus. Law § 899-aa. In an attempt to streamline the process, affected businesses may now report a data breach and upload a template notice to consumers using an online form available here: https://forms.ag.ny.gov/CIS/breach-reporting.jsp.
The State isn’t just trying to make things easier post-breach, though. Legislation proposed last year would bring sweeping changes to Section 899-aa, extending its scope of protection and creating substantive security requirements, among other things. Assuming modifications to the statute are ultimately made, only time will tell if fewer breaches will result. With latest reports revealing the cost of New York breaches to be about $1.4 billion in 2013 alone, any reduction would be a welcome change to the recent trend.