Jump to main content
NY.gov Portal State Agency Listing
DOS, Consumer Protection logo DOS Home | About Us | Contact Us | Site Index | En Español | FOIL
Andrew M. Cuomo - Governor          
Consumer Topics A-Z Accessibility Disclaimer Privacy Policy
Consumer Response to a Data Security Breach
image showing a laptop with a padlock

Pursuant to New York State law, businessess and other entities must notify any resident of New York State whose private information was, or is reasonably believed to have been, acquired by a person without valid authorization. Private information is defined as a person's name, Social Security number, driver's license number, bank account number, and/or credit and debit card number with personal identification number (PIN) or access code.

Affected consumers are generally notified by U.S. mail, but under certain circumstances notification may be made by e-mail, telephone, website posting or through the media. The breaching entity must also inform the New York State Department of State Division of Consumer Protection, the Office of the New York State Attorney General, and the New York State Division of Homeland Security Office of Cyber Security.

The Division's New York State Security Breach Law Fact Sheet for Consumers has more information regarding this Law.

What Steps Should You Take?

The Division advises consumers who believe their identity or personal privacy may have been compromised by a data security breach to:

The Security Breach Data Check List further outlines this information. Visit the Data Security Breach Alerts page to view the latest reported data security breaches affecting New York consumers.

 

Last Modified: April 26, 2011