New York Governor Andrew Cuomo recently signed into law a pair of bills establishing new requirements for businesses that process certain personal information relating to New York residents. The changes include expanding the scope of information covered by New York's data breach notification law. Businesses maintaining the private information of New York residents will now be required to develop reasonable safeguards within their organisation as part of a new reasonable security requirement.
In a legislative environment charitably described as challenging, the fact that the Senate recently passed cybersecurity legislation by unanimous consent is noteworthy and highlights the bipartisan nature of this issue. The bill requires the newly-formed Department of Homeland Security teams to provide assistance to public and private entities, on request, to prepare for and respond to cyber-related incidents, including (among other things) restoring services after a cyber incident.