New York Privacy Act Is Reintroduced

On January 5, 2022, the Assembly Bill ('AB') A680A for the New York Privacy Act (the ‘Act’) was reintroduced following its original introduction in 2021 that resulted in insufficient process. According to a statement by New York State Assembly Speaker Carl E. Heastie, the Act is intended to “help New Yorkers regain their privacy.”

Specifically, the Act will mandate the following:

• businesses must receive consumer consent before processing and sharing the personal data that they have obtained;

• consumers must be given the opportunity to request a list of all of the entities with which the company intends to share consumers' information;

• consumers must be given the right to correct or delete any incorrect information prior to a business sharing the information;

• businesses must conduct regular process assessments to ensure that the data that they are sharing is not being utilized for unacceptable purposes, as defined by New York law; and

• businesses must maintain reasonable security measures and notify consumers of foreseeable harms stemming from unauthorized access to consumers' personal data.

Although this new act would only apply to persons conducting business in New York or producing products or services targeted to New York residents, in this ever-changing and rapidly evolving legislative environment, businesses across the country could benefit from a review of the Act to establish an understanding of upcoming privacy legislative trends and should be aware of the progression of these types of bills.