Skip to the main content.
New! Continuous MVR monitoring
Driving record monitoring

Ongoing monitoring of driving records can help employers avoid risk and improve driver safety. Learn about the benefits of adding Verified Credentials' newest solution to your screening strategy.

Read the blog ›

Featured resource

Industry-Trends-Report-01

Learn the latest trends in employment background checks. This report uses real-life usage data to uncover how employers are screening across industries.

Download the full report ›

Verified Credentials is a leading background screening company. Since 1984, we’ve helped validate and secure relationships through the use of our comprehensive screening solutions. We offer a wide variety of background checks, verifications, and innovative screening tools.

Get to know us ›

Accredited background screening solutions

Logo-PBSA-Accreditation-120x98

Our accreditation confirms that our policies, processes, and employee training meet rigorous industry compliance standards.

Learn about our solutions ›

2 min read

Updates to New York’s Data Breach Notification Law Explained

In December 2024, New York Governor Kathy Hochul signed two bills amending the state’s current data breach notification law. Senate Bill S2659B and Assembly Bill A8872A aim to strengthen data breach notification requirements, enhance transparency, safeguard consumer data, and hold businesses accountable for breaches. These amendments apply to New York’s previous data breach notification law, expanding the defined qualifications of what is considered a notifiable data breach and establishing more specific guidelines for notifying consumers and government agencies of these breaches.

 

What has changed?

S2376B: Changes to private information categories

S2376B is in effect as of March 21, 2025. It focuses on broadening the categories of qualified private information that businesses are required to address if a data breach occurs.

  • Medical information: The law defines medical information as “any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional.”
  • Health insurance information: Health insurance information is defined as “an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including, but not limited to, appeals history.”

To read the full details of the amendments to New York’s data breach notification law, take a closer look here.

A8872A: Changes to timeline and reporting

Previously, businesses had no specific timeframe other than being required to notify affected individuals “in the most expedient time possible and without unreasonable delay.” A8872A adds a timeframe and reporting process businesses are obligated to follow in case of a data breach.

  • Timeline for reporting information: Businesses that discover a data breach involving private information are required to notify affected New York residents within 30 days after a breach is discovered.
  • Government reporting for data breaches: In addition to notifying the New York State Attorney General, the Department of State, and the Division of State Police, businesses are now also required to notify the Department of Financial Services (DFS) in the event of a data breach affecting New York residents.

Take a closer look here to see the full text and amendments regarding reporting requirements and timelines.

Enforcement and penalties

The Attorney General is tasked with making sure organizations follow the notification requirements. Meanwhile, the DFS will monitor financial institutions and related entities to ensure they meet the new notification standards. Entities that fail to comply with the updated reporting requirements are subject to facing legal action, including fines and penalties, as outlined in New York's General Business Law.

 

Keeping up with the evolving world of consumer data

All states currently have pre-existing laws requiring businesses to notify consumers in the case of a data breach, but they vary substantially. New York’s amendments to their existing focus on consumer protections, expanding the definition of what qualifies as private information and setting a stricter timeline for notifying consumers and government agencies of a data breach, could potentially set a precedent for other states to reconsider their existing consumer data restrictions and breach reporting policies. As laws that dictate consumer laws, privacy, and reporting continue to evolve, Verified Credentials will try to provide updates as they become available.

This article is for informational purposes only and does not constitute legal advice or official predictions of future laws and regulations. Hiring professionals, HR professionals, and administrators should consult their legal counsel to ensure all actions comply with the law. 

Minnesota Supreme Court Sets the Record Straight on Municipal Employer Liability

A recent court decision has changed how Minnesota courts analyze whether municipalities may be liable for their hiring decisions—emphasizing that...

Read More

Updates to New York’s Data Breach Notification Law Explained

In December 2024, New York Governor Kathy Hochul signed two bills amending the state’s current data breach notification law. Senate Bill S2659B and...

Read More

Expanding Employment Protections for Individuals with Criminal History in Kansas City

In 2018, Kansas City, Missouri, amended Chapter 38of the city code ordinance to expand “ban the box” initiatives, prohibiting private employers and...

Read More

Data Privacy Awareness Continues in the New Year: Nebraska’s Data Privacy Act

2024 was a big year for consumer data privacy laws, with states like Minnesota, Rhode Island,and Montanapassing laws to protect consumer rights and...

Read More

Anti-discrimination Suit Raised Against New York Insurance Company

If you’re an employer that uses background reports, compliance is a priority issue. Federal, state, and local consumer reporting laws are not the...

Read More

New Guidance on Cannabis Drug Tests in New York State

Legal recreational marijuana use continues to shake up drug testing policies in the workplace. The state of New York recently joined the growing list...

Read More