In the summer of 2019 New York State Govenor Andrew Cuomo signed Senate Bill S5575B, known as the SHIELD Act, into law. The law broadened notification requirements for both government organizations and private companies when they have breaches of data. Under the law New York State companies and government organizations must now notify consumers when their data has been part of a data breach. Before landing on Govenor Cuomo's desk the bill received strong bipartisan support on the floor of the New York Senate accruing 66% of votes. But unfortunately some senators did not believe New Yorkers deserved to be notified when their data was tampered with or stolen. privateparts.org reached out to Senator Betty Little for comment on why she decided that the people of the North Country didn't need to know when companies or the government mishandled their data. Senator Little's Legislative Director, Carmella Mantello, weighed in saying:
As stated, this was an Attorney General departmental bill. This law updated NY's date breach notification law. While there are carve outs for larger already regulated industries, Senator Little is very concerned with the disastrous impact this now law may have on small businesses. The law now requires any business not already regulated by certain federal laws and NYS regulations with less than 50 employees, less than $3 million gross revenue, or less than $5 million in year-end assets to have "reasonable" security over a consumer's private information. While the bill only requires "reasonable" security based on size and complexity of the small business, there is no information to guide small businesses as to what that means. The bill stated the AG had suggested they will put guides together and do community outreach. However, the AG's office is not required to do so under the statute. Senator Little feels the bill authorizes the AG to seek penalties from small businesses and adds another regulatory hurdle for such businesses. For these reasons, Senator Little voted no on the Shield Act.
The full email correspondence can be seen below.