Bill Summary – FastDemocracy

BILL NUMBER: S3344
SPONSOR: PARKER
 
TITLE OF BILL:
An act establishing a commission to study the European Union's general
protection data regulation and the current state of cyber security in
the state
 
PURPOSE OR GENERAL IDEA OF BILL:
Relates to establishing a commission to study cyber security in the
state
 
SUMMARY OF PROVISIONS:
Section 1 states how the commission shall be formed, who will be
involved and their qualifications to do so, and their
responsibilities/items which to focus on/
Section 2 explains that no more than one year after the effective date,
a report shall be submitted to the Governor and legislature regarding
the progress
Section 3 states that the data will be evaluated with aid and assistance
from other experts in related fields
Section 4 states the act shall take effect immediately
 
JUSTIFICATION:
Major data breaches and hacks were exposed. One after another last year.
The cyberattacks highlighted the alarming vulnerability of our citizens'
personal information online. More tools used by hackers have become
public, and it's easier to create sophisticated ways to spread malware
or steal data from government or corporate websites. Companies and
organizations also frequently fail to patch security flaws in their data
and information systems in a timely manner.
In July 2015, cyber criminals penetrated Equifax, one of the largest
credit bureaus, and stole the personal data of 145 million people.  This
incident is considered one of the worst breaches of all time because of
the amount of sensitive personal information misappropriated, Including
Social Security numbers. Equifax revealed the hack more than eight Weeks
later. The Impact could be felt for an unforeseen amount of time because
the data could be used for identity theft.
There have been countless examples of cyberattacks on companies and
organizations, however, government information systems have also been
compromised. For instance, during the presidential primaries in 2016,
over 127,000 voter records went missing in Brooklyn, in the Kings County
Board of elections.  On May 25, 2018, the European Union will implement
the General Data Protection Regulation (GDPR). The regulation was
adopted on April 27, 2016, and is intended to strengthen and unify data
protection for all individuals within the European Union. The regulation
is aimed primarily to give control back to citizens and residents over
their personal data and to simplify the regulatory environment for
international businesses by unifying the regulation within the EU.
Our country and state has a patchwork of laws and regulations that
addresses cybersecurity, however, we must work to provide a comprehen-
sive framework of laws and regulations to protect our citizens and New
Yorkers private information online. Additionally, as we move toward the
Internet of things and having our divides, homes, cities connected to
the Internet, there is a greater risk of cybercrime.
We must protect New Yorkers personal information from online threats,
hackers and cyber criminals. This bill will create a commission to study
and review the European Union's approach to cyber security. Our goal is
to come up with the proper framework to protect New Yorkers personal
information online.
 
PRIOR LEGISLATIVE HISTORY:
2023-24: S7907- Referred to Internet and Technology
2021-22: S.6068 - Committed to Rules
2019-20: S.4744 - Referred to Internet and Technology
2017-18: S.7726 - REFERRED TO VETERANS, HOMELAND SECURITY AND MILITARY
AFFAIRS
 
FISCAL IMPLICATIONS:
To Be Determined
 
EFFECTIVE DATE:
This act shall take effect immediately.