United States of America: Governor signed Bill amending data breach notification requirements in General Business Law (Bill No. S02659)

On 21 December 2024, the New York Governor signed Bill S02659, amending data breach notification requirements in the General Business Law. The bill applies to businesses and individuals who own, license, or maintain computerised data with the private information of New York residents. It requires notifying affected individuals within 30 days of discovering a breach. For data maintained but not owned, the owner or licensee must be notified. If New York residents are impacted, several agencies including the state attorney general, the Department of State, the Division of State Police, and the Department of Financial Services must be informed, and a copy of the notice template must be provided.