-  This bill is not active in this session.
  •  Summary 
  •  Actions 
  •  Committee Votes 
  •  Floor Votes 
  •  Memo 
  •  Text 
  •  LFIN 
  •  Chamber Video/Transcript 

A02374 Summary:

COSPNSRBuchwald, Gottfried, Simon, Seawright, Simotas, Barron, Thiele, Fahy, Wright, Gunther, Solages, Ortiz, Braunstein, Williams, Otis, Rosenthal L, Santabarbara, Galef
Amd §380-t, Gen Bus L
Relates to requiring a consumer credit reporting agency to offer identity theft prevention and mitigation services in the case of a breach of the security of such agency's system.
Go to top    

A02374 Actions:

01/22/2019referred to consumer affairs and protection
02/05/2019reported referred to codes
02/21/2019advanced to third reading cal.60
02/27/2019passed assembly
02/27/2019delivered to senate
06/19/2019SUBSTITUTED FOR S3582
06/19/20193RD READING CAL.870
07/22/2019delivered to governor
07/25/2019signed chap.115
Go to top

A02374 Memo:

submitted in accordance with Assembly Rule III, Sec 1(f)
SPONSOR: Dinowitz
  TITLE OF BILL: An act to amend the general business law, in relation to requiring a consumer credit reporting agency to offer identity theft prevention and mitigation services in the case of a breach of the secu- rity of such agency's system   PURPOSE OR GENERAL IDEA OF BILL: This bill would provide reasonable consumer protections following a breach of consumer credit data at a credit reporting agency (CRA), when such a breach involves social security numbers.   SUMMARY OF SPECIFIC PROVISIONS: Section 1 amends subdivision n of section 380-t of the general business law by adding a new paragraph 3 that would require that when a credit reporting agency suffers a breach of information containing consumer social security numbers, the CRA must provide lifetime identity theft prevention services, and if applicable, identity theft mitigation services to affected customers. Additionally, this new paragraph would prohibit fees relating to the implementation and lifting of security freezes on consumer credit reports, if those reports were part of a breach of information containing social security numbers. Section 2 amends subdivision q of section 380-t of the general business law by including new language to be included in a consumers summary of rights CRAs must provide consumers on credit freezes to inform them that in the instance of a breach of date involving a social security number, that a consumer has the right to freeze their credit at no cost. Section 3 sets the effective date.   JUSTIFICATION: In late July 2017, one of the three main CRAs, Equifax Inc., experienced a major data breach involving personal information that included theft of social security numbers. At the time it was widely reported to impact over 140 million accounts, but the full extent of the breach is still uncertain. CRAs have been the subject of public scrutiny in years past for their inaccurate files kept on unknowing consumers and the cumber- some process they subject average people to in order to rectify such errors. The magnitude of this breach won't be known for years, but the status quo where consumers must bear the burden to protect their own identities is unacceptable. To date, Equifax has offered to waive fees for security freezes for a short time period, and offered 12 months of identity theft prevention services at no charge. This response is simply insufficient given that innocent people's information was stolen through no fault of their own. This legislation aims to establish the minimal amount of long term protection consumers could ask for, and even still it is just that, the bare minimum.   PRIOR LEGISLATIVE HISTORY: 2017-18- A.8695A - Passed Assembly/S.6923A - Referred to Consumer Protection   FISCAL IMPLICATIONS TO THE STATE: None to the state.   EFFECTIVE DATE: This act shall take effect on the sixtieth day after it shall have become a law and shall apply to any breach of the security of a consumer credit reporting agency that occurred no more than three years prior to the effective date of this act.
Go to top