April 4, 2022

NY Privacy Law - Let's get into the details

Everything You Need to Know About S6701 - The New York Privacy Law and how this new bill could affect businesses that deal with personal data.

Event Date:
Hosted By:
Register Now
Mark Rowan

Several comprehensive privacy legislation are now being debated at the state level. In reality, in reaction to the expanding cybersecurity threat, many states have proposed a slew of privacy measures in the previous two years. Organizations have observed a considerable surge in cybercrime as a result of the COVID-19 epidemic. Organizations are looking into more robust ways to protect consumer data as a result of this. Local government officials are also drafting legislation to protect consumers' personal data from the companies themselves. One such legislation is the New York Privacy Law, or Bill S6701/S6701A.

New York's Data Privacy Act has not yet been signed into law, but if it is, it will be the most comprehensive and comprehensive protection of consumer data privacy rights in the country.

NY's Data Privacy Act, proposed in Senate Bill S6701 and Assembly Bill A680A, aims to provide New Yorkers more control over their personal data and privacy rights by requiring businesses to comply with many new requirements. Many experts feel that the current version of the New York Privacy Act contains more data and personal privacy protection provisions than the state of California's recently passed CCPA and CPRA statutes.

In this guide, we'll break down exactly what the new bill entails in terms of data privacy and data governance, and how it might affect business owners.

What is the New York Privacy Law (S6701)?

The New York Privacy Act will be enacted as a result of the passage of the S6701 bill, which will focus on safeguarding consumers' personal data and privacy. Companies must publish their techniques for de-identifying personal data and set protections for personal data sharing under the New York Privacy Act. It also gives consumers the right to know which entities have access to their personal information. The New York Senate Privacy Act aims to help New Yorkers restore their privacy by requiring businesses to obtain authorization from customers before processing their personal data. The law gives New York residents more control over their personal information and establishes requirements for corporations to maintain personal data responsibly and lawfully. 

The bill includes a number of essential provisions to preserve consumer data privacy.

The Right to Notice
  • Consumers' data rights, including the ability to revoke consent.
  • Personal data categories processed by the company or any third-party organization.
  • All parties to whom the company discloses, uses, shares, or sells personal data are identified.
  • The source of data collecting and processing, as well as the reason for doing so.
  • Each category of personal data gathered and processed has a different retention term.
  • Whether or not personal data is used for targeted advertising, as well as the estimated ARR per user from tailored advertising.
Opt-In and Opt-Out Consent

The New York Privacy Act requires businesses to get explicit and informed opt-in agreements from customers before processing personal data or making changes to the purpose, method, or extent of data collection. The category and purpose for collecting and processing the data must be clearly described in the company's request for opt-in consent. It should clearly state the option of providing only the consent required for certain services or commodities, as well as the option to refuse consent. The law also stipulates that any third-party involvement in the sharing, disclosing, transferring, or selling of personal data must be disclosed in the opt-in consent request. In addition, the consent request must specify the kind of data and the time period for which it will be kept.

The Right to Delete

Consumers can request the permanent deletion of their personal data held by businesses under the New York Privacy Act. The "Right to Delete" imposes the following obligations on businesses:

  • Upon receiving a validated request for deletion, a company or controller must remove the consumer's personal data.
  • The company should notify all third parties with whom it had shared or given personal data about the deletion request.
  • Personal data related to deactivated user accounts should be removed by the company.
  • A corporation must implement measures to prevent the deleted data from reappearing in its systems.

Automated decision-making, responding to requests, and implementation and non-waiver of rights are all covered by the Consumer Rights portion of the New York Privacy Act 2021.

Companies must process the following step after receiving a valid request from a consumer, according to the New YorkPrivacy Act:

  • Check to see if the personal data is being handled.
  • Provide organized and machine-readable access to the consumer's personal data.
  • Provide the names and contact information for each processor, as well as any third party entities to whom personal and sensitive data is disclosed or sold.
  • The type of personal data that is disclosed and why it is shared.
  • Allow the data to be freely transmitted to another person in accordance with the consumer's wishes.
  • Investigate any inconsistencies in a consumer's personal data and repair them as needed within a specified timeframe.
Additional Notes on the New York Privacy Act

Companies must establish, implement, and maintain adequate procedures to preserve the security, confidentiality, and integrity of consumers' personal data under Section 1103 of the New York Privacy Act. It specifies unequivocally that organizations collecting personal data should limit their use and retention to the minimum required to offer the service and only for the duration of the opt-in consent period.

According to the law, businesses must dispose of all unnecessary personal data at least once a year or before the end of the consent period. Companies must not discriminate against customers who use their rights under the New York Privacy Act while fulfilling their obligations.

How Exactly Does the New York Privacy Act Define Personal Data?

Personal data is defined as any information that identifies or may fairly be linked, directly or indirectly, to a specific natural person, household, or device under the New York Privacy Act. De-identified data is not included in the definition of personal data. The bill makes no mention of a "sensitive data" category that would be subject to further limitations.

How Exactly Does the New York Privacy Act Define and Approach Consent?

Consent under the New York Privacy Act is defined as a clear affirmative act signalling a freely offered, explicit, informed, and unequivocal statement of a consumer's approval to the processing of data belonging to the consumer. Consumers have the right to revoke their permission at any moment.

Consent does not include the following:

  • A broad terms of service agreement or a similar document that refers to unconnected information in addition to the processing of personal data.
  • An agreement reached through dishonesty, trickery, or fraud.
  • Hovering over, pausing, or closing any material that does not demonstrate a user's intent to interact with another party.
  • A checkbox that has been pre-checked or a comparable default.

Opt-in consent is used in the New York Privacy Act. Prior to processing, controllers must obtain freely offered, specific, informed, and clear opt-in consent.

Who Does the New York Privacy Act Affect and Apply To in Terms of Consumers?

The New York Privacy Act will benefit all New York customers. Consumers have the right to notice, access, portable data, correct, remove, and challenge automated decision-making under the New York Privacy Act. A controller who handles a consumer's personal data must offer notice in a prominent and easily accessible manner that is both publicly and permanently available. This notification must include the following information:

  • A description of the rights of the customer.
  • The types of personal data that the controller and any processor process.
  • Personal data is obtained from a variety of sources.
  • The name of each third party to whom the controller disclosed, shared, transferred, or sold personal data, as well as details on the categories of data, purposes, and retention periods.
  • For each kind of personal data, the controller's retention period.
  • For controllers that engage in targeted advertising, the average projected revenue per user ora similar statistic is used.

The New York Privacy Act mandates that notices be written in simple language suitable for children in the eighth grade or below, and that they be updated at least once a year. In the event of a breach of the opt-in consent, automated decision-making, and/or controller response portions, the New York Privacy Act provides consumers with a private right of action.

Who Does the New York Privacy Act Affect and Apply To in Terms of Organizations?

The New York Privacy Act would apply to legal entities that do business in New York or create products or services aimed at New York citizens and meet one or more of the following criteria:

  • The company's yearly gross revenue must be at least $25 million.
  • Personal data of 100,000 or more consumers is controlled or processed by the company.
  • Personal data of 500,000 or more natural persons is controlled or processed by the entity, and personal data of 10,000 or more consumers is controlled or processed by the entity.
  • Personal data sales account for more than half of the company's gross revenue, and it controls or processes the personal data of at least 25,000 customers.
What is the Potential Impact of the Pending Law on Businesses?

Basically, failure to comply with this law once it is passed could result in a number of significant penalties for businesses, organizations, legal persons, and related entities. Civil penalties, including fines of up to $15,000 per infringement, can be imposed for violations. Penalties will be established based on the nature, severity, duration, willfulness, and persistence of the misconduct, according to the set rules. Because violations are counted per customer, it's simple for any company, especially one that deals in vast amounts of data, to rack up hefty fines if it doesn't follow the new rules. Furthermore, businesses will be impacted in the sense that they will have to funnel resources and assign staff to fulfill their compliance strategy.

What Responsibilities Do Controllers and Processors Have Under the Act?

Controllers must conduct and document data protection assessments on a regular basis. Controllers are also owed a duty of loyalty and care under the New York Privacy Act. Controllers must also examine their retention procedures at least once a year and must not discriminate against customers who exercise their privacy rights. Notably, before disclosing, transferring, or selling personal data, controllers must enter into formal, signed contracts with any processors.

Processors must adhere to these contracts(which include various obligations and restrictions outlined in the New York Privacy Act) and are required to conduct reasonable reviews of their activities on a regular basis. Third parties are only allowed to process data to the degree that it is permitted, and they must usually comply with any consumer privacy rights exercises.

How to Make Sure Your Organization is Compliant with the New York Privacy Law

Should the bill be passed, it’s vital for organizations to be compliant with the law to avoid the potential negative impact noted in the previous section. Luckily, this isn’t too difficult to do.

While the New York Privacy Act is breaking new ground by imposing considerably more restrictive legal requirements than any other current data privacy protection legislation, there are ways to ensure compliance.

We recommend the following to ensure that your company complies with the New York Data Privacy Act:

  • Conduct a thorough data mapping exercise to learn how your company collects, processes, and manages personal information.
  • Conduct a gap analysis to identify and resolve any data privacy gaps in your process, such as ongoing compliance management, timely replies to privacy requests, and training, to ensure that your entire organization's procedures are up to date and compliant with the new law.
  • Conduct bi-annual audits to ensure that your business procedures and processes are up to date.

Data Sentinel has developed technology to help your company automate compliance with all of the complicated data privacy regulations included in the New York Privacy Act, as well as other current data privacy laws such as GDPR and CCPA.

Who and What Entities are Exempt from the New York Privacy Act?

A variety of exemptions are recognized by the New York Privacy Act. Personal data processed by state and local governments, personal data covered by the Gramm-Leach-Bliley Act (GLBA), personal data covered by the Driver's Privacy Protection Act, personal data covered by the Family Educational Rights and Privacy Act, personal data covered by the Farm Credit Act, and protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), would not be covered by this act.

Exemptions would also apply to data kept aspart of employment records for purposes other than sales, as well as data gathered as part of human subjects research. Furthermore, national securities associations governed by the Securities Exchange Act of 1934 would be exempt from the New York Privacy Act.

How is the New York Privacy Law Different from Similar Data Privacy Laws?

The most significant difference between the New York Privacy Act and other recently enacted privacy legislation is that the New York act goes significantly further in limiting organizations' ability to process, keep, and use personal data. The necessity that a business obtains opt-in authorization from consumers before using their data for any purpose is the single-largest and most essential difference. This is a significant departure from the status quo, as none of the current proposed personal privacy rules demand up-front opt-in authorization. 

The New York Privacy Act differs from other data privacy laws in that it requires enterprises to submit thorough disclosures regarding the activities of any third parties to whom they provide personal data. Businesses must also make disclosures about their automated decision-making activities, allow customers to contest automated decisions, and undertake and publish analyses on the implications of their automated processes, in accordance with the law. Businesses would also be required to react to customer requests to update personal data, which is comparable to the CCPA and CRPA regulations in California.

To put it another way, this law goes significantly further than other similar data privacy measures. As a result, if the law passes, it will likely necessitate a large amount of work to ensure that any entity dealing with personal data is able to comply with the new limits and laws.

Recent Updates on the New York Privacy Law

On February 8th, state Senator Kevin Thomas(D) presented S6701A, the New York Privacy Act, which passed out of the Consumer Protection Committee. Consumers will have the right to notice, opt-in for data processing, access, portability, correction, and deletion under the proposed legislation. Consumers in financial services, housing, public accommodations, insurance, and health care services would be able to appeal automated decision-making under the measure. Consumers cannot be treated unfairly if they do not opt-in. The Attorney General would be in charge of enforcing the bill, which includes a PRA. The bill will now be sent to the Internet and Technology Committee for consideration. The session in New York will end on June 2nd 2022.

When Will the New York Privacy Law be Passed?

To be clear, at the time of this writing, this law has not yet been passed, and there is no way of knowing when it will become law. The New York Privacy Act will not take effect until it has been enacted by the New York Senate and signed into law by the Governor. Sections 1101, 1102, 1103, 1105, 1106, and 1107 of the New York Privacy Act will take effect two years after it is signed into law. It will take three years for the private right of action to take effect.

Conclusion

Several new bills have been proposed in the last two years, resulting in a more severe and localized data privacy landscape in the United States. CCPA, SHIELD, Nevada Privacy Law, and Maine Privacy Law are examples of state-level regulations that herald a new era in which residents' privacy and the need to protect their personal data are prioritized (at all times). Installing policies, methods, and ethics that enable data privacy as a supreme denominator of their commercial operations is a notable step for enterprises and other entities subject to these regulations. For enterprises to survive and grow in marketplaces controlled by data privacy laws, they must play by the rules.

The New York Privacy Law is similar in that it requires businesses to manage consumer data responsibly and in accordance with laws in order to secure complete data privacy. Failure to comply can result in hefty penalties, and achieving compliance necessitates in-depth knowledge and prompt action. Luckily, Data Sentinel is here to help your organization improve its compliance strategy, no matter what law comes into play.

Sign up to be notified
about future publications!
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
April 4, 2022

NY Privacy Law - Let's get into the details

Everything You Need to Know About S6701 - The New York Privacy Law and how this new bill could affect businesses that deal with personal data.

Date:
Hosted By:
Register Now

Several comprehensive privacy legislation are now being debated at the state level. In reality, in reaction to the expanding cybersecurity threat, many states have proposed a slew of privacy measures in the previous two years. Organizations have observed a considerable surge in cybercrime as a result of the COVID-19 epidemic. Organizations are looking into more robust ways to protect consumer data as a result of this. Local government officials are also drafting legislation to protect consumers' personal data from the companies themselves. One such legislation is the New York Privacy Law, or Bill S6701/S6701A.

New York's Data Privacy Act has not yet been signed into law, but if it is, it will be the most comprehensive and comprehensive protection of consumer data privacy rights in the country.

NY's Data Privacy Act, proposed in Senate Bill S6701 and Assembly Bill A680A, aims to provide New Yorkers more control over their personal data and privacy rights by requiring businesses to comply with many new requirements. Many experts feel that the current version of the New York Privacy Act contains more data and personal privacy protection provisions than the state of California's recently passed CCPA and CPRA statutes.

In this guide, we'll break down exactly what the new bill entails in terms of data privacy and data governance, and how it might affect business owners.

What is the New York Privacy Law (S6701)?

The New York Privacy Act will be enacted as a result of the passage of the S6701 bill, which will focus on safeguarding consumers' personal data and privacy. Companies must publish their techniques for de-identifying personal data and set protections for personal data sharing under the New York Privacy Act. It also gives consumers the right to know which entities have access to their personal information. The New York Senate Privacy Act aims to help New Yorkers restore their privacy by requiring businesses to obtain authorization from customers before processing their personal data. The law gives New York residents more control over their personal information and establishes requirements for corporations to maintain personal data responsibly and lawfully. 

The bill includes a number of essential provisions to preserve consumer data privacy.

The Right to Notice
  • Consumers' data rights, including the ability to revoke consent.
  • Personal data categories processed by the company or any third-party organization.
  • All parties to whom the company discloses, uses, shares, or sells personal data are identified.
  • The source of data collecting and processing, as well as the reason for doing so.
  • Each category of personal data gathered and processed has a different retention term.
  • Whether or not personal data is used for targeted advertising, as well as the estimated ARR per user from tailored advertising.
Opt-In and Opt-Out Consent

The New York Privacy Act requires businesses to get explicit and informed opt-in agreements from customers before processing personal data or making changes to the purpose, method, or extent of data collection. The category and purpose for collecting and processing the data must be clearly described in the company's request for opt-in consent. It should clearly state the option of providing only the consent required for certain services or commodities, as well as the option to refuse consent. The law also stipulates that any third-party involvement in the sharing, disclosing, transferring, or selling of personal data must be disclosed in the opt-in consent request. In addition, the consent request must specify the kind of data and the time period for which it will be kept.

The Right to Delete

Consumers can request the permanent deletion of their personal data held by businesses under the New York Privacy Act. The "Right to Delete" imposes the following obligations on businesses:

  • Upon receiving a validated request for deletion, a company or controller must remove the consumer's personal data.
  • The company should notify all third parties with whom it had shared or given personal data about the deletion request.
  • Personal data related to deactivated user accounts should be removed by the company.
  • A corporation must implement measures to prevent the deleted data from reappearing in its systems.

Automated decision-making, responding to requests, and implementation and non-waiver of rights are all covered by the Consumer Rights portion of the New York Privacy Act 2021.

Companies must process the following step after receiving a valid request from a consumer, according to the New YorkPrivacy Act:

  • Check to see if the personal data is being handled.
  • Provide organized and machine-readable access to the consumer's personal data.
  • Provide the names and contact information for each processor, as well as any third party entities to whom personal and sensitive data is disclosed or sold.
  • The type of personal data that is disclosed and why it is shared.
  • Allow the data to be freely transmitted to another person in accordance with the consumer's wishes.
  • Investigate any inconsistencies in a consumer's personal data and repair them as needed within a specified timeframe.
Additional Notes on the New York Privacy Act

Companies must establish, implement, and maintain adequate procedures to preserve the security, confidentiality, and integrity of consumers' personal data under Section 1103 of the New York Privacy Act. It specifies unequivocally that organizations collecting personal data should limit their use and retention to the minimum required to offer the service and only for the duration of the opt-in consent period.

According to the law, businesses must dispose of all unnecessary personal data at least once a year or before the end of the consent period. Companies must not discriminate against customers who use their rights under the New York Privacy Act while fulfilling their obligations.

How Exactly Does the New York Privacy Act Define Personal Data?

Personal data is defined as any information that identifies or may fairly be linked, directly or indirectly, to a specific natural person, household, or device under the New York Privacy Act. De-identified data is not included in the definition of personal data. The bill makes no mention of a "sensitive data" category that would be subject to further limitations.

How Exactly Does the New York Privacy Act Define and Approach Consent?

Consent under the New York Privacy Act is defined as a clear affirmative act signalling a freely offered, explicit, informed, and unequivocal statement of a consumer's approval to the processing of data belonging to the consumer. Consumers have the right to revoke their permission at any moment.

Consent does not include the following:

  • A broad terms of service agreement or a similar document that refers to unconnected information in addition to the processing of personal data.
  • An agreement reached through dishonesty, trickery, or fraud.
  • Hovering over, pausing, or closing any material that does not demonstrate a user's intent to interact with another party.
  • A checkbox that has been pre-checked or a comparable default.

Opt-in consent is used in the New York Privacy Act. Prior to processing, controllers must obtain freely offered, specific, informed, and clear opt-in consent.

Who Does the New York Privacy Act Affect and Apply To in Terms of Consumers?

The New York Privacy Act will benefit all New York customers. Consumers have the right to notice, access, portable data, correct, remove, and challenge automated decision-making under the New York Privacy Act. A controller who handles a consumer's personal data must offer notice in a prominent and easily accessible manner that is both publicly and permanently available. This notification must include the following information:

  • A description of the rights of the customer.
  • The types of personal data that the controller and any processor process.
  • Personal data is obtained from a variety of sources.
  • The name of each third party to whom the controller disclosed, shared, transferred, or sold personal data, as well as details on the categories of data, purposes, and retention periods.
  • For each kind of personal data, the controller's retention period.
  • For controllers that engage in targeted advertising, the average projected revenue per user ora similar statistic is used.

The New York Privacy Act mandates that notices be written in simple language suitable for children in the eighth grade or below, and that they be updated at least once a year. In the event of a breach of the opt-in consent, automated decision-making, and/or controller response portions, the New York Privacy Act provides consumers with a private right of action.

Who Does the New York Privacy Act Affect and Apply To in Terms of Organizations?

The New York Privacy Act would apply to legal entities that do business in New York or create products or services aimed at New York citizens and meet one or more of the following criteria:

  • The company's yearly gross revenue must be at least $25 million.
  • Personal data of 100,000 or more consumers is controlled or processed by the company.
  • Personal data of 500,000 or more natural persons is controlled or processed by the entity, and personal data of 10,000 or more consumers is controlled or processed by the entity.
  • Personal data sales account for more than half of the company's gross revenue, and it controls or processes the personal data of at least 25,000 customers.
What is the Potential Impact of the Pending Law on Businesses?

Basically, failure to comply with this law once it is passed could result in a number of significant penalties for businesses, organizations, legal persons, and related entities. Civil penalties, including fines of up to $15,000 per infringement, can be imposed for violations. Penalties will be established based on the nature, severity, duration, willfulness, and persistence of the misconduct, according to the set rules. Because violations are counted per customer, it's simple for any company, especially one that deals in vast amounts of data, to rack up hefty fines if it doesn't follow the new rules. Furthermore, businesses will be impacted in the sense that they will have to funnel resources and assign staff to fulfill their compliance strategy.

What Responsibilities Do Controllers and Processors Have Under the Act?

Controllers must conduct and document data protection assessments on a regular basis. Controllers are also owed a duty of loyalty and care under the New York Privacy Act. Controllers must also examine their retention procedures at least once a year and must not discriminate against customers who exercise their privacy rights. Notably, before disclosing, transferring, or selling personal data, controllers must enter into formal, signed contracts with any processors.

Processors must adhere to these contracts(which include various obligations and restrictions outlined in the New York Privacy Act) and are required to conduct reasonable reviews of their activities on a regular basis. Third parties are only allowed to process data to the degree that it is permitted, and they must usually comply with any consumer privacy rights exercises.

How to Make Sure Your Organization is Compliant with the New York Privacy Law

Should the bill be passed, it’s vital for organizations to be compliant with the law to avoid the potential negative impact noted in the previous section. Luckily, this isn’t too difficult to do.

While the New York Privacy Act is breaking new ground by imposing considerably more restrictive legal requirements than any other current data privacy protection legislation, there are ways to ensure compliance.

We recommend the following to ensure that your company complies with the New York Data Privacy Act:

  • Conduct a thorough data mapping exercise to learn how your company collects, processes, and manages personal information.
  • Conduct a gap analysis to identify and resolve any data privacy gaps in your process, such as ongoing compliance management, timely replies to privacy requests, and training, to ensure that your entire organization's procedures are up to date and compliant with the new law.
  • Conduct bi-annual audits to ensure that your business procedures and processes are up to date.

Data Sentinel has developed technology to help your company automate compliance with all of the complicated data privacy regulations included in the New York Privacy Act, as well as other current data privacy laws such as GDPR and CCPA.

Who and What Entities are Exempt from the New York Privacy Act?

A variety of exemptions are recognized by the New York Privacy Act. Personal data processed by state and local governments, personal data covered by the Gramm-Leach-Bliley Act (GLBA), personal data covered by the Driver's Privacy Protection Act, personal data covered by the Family Educational Rights and Privacy Act, personal data covered by the Farm Credit Act, and protected health information covered by the Health Insurance Portability and Accountability Act (HIPAA), would not be covered by this act.

Exemptions would also apply to data kept aspart of employment records for purposes other than sales, as well as data gathered as part of human subjects research. Furthermore, national securities associations governed by the Securities Exchange Act of 1934 would be exempt from the New York Privacy Act.

How is the New York Privacy Law Different from Similar Data Privacy Laws?

The most significant difference between the New York Privacy Act and other recently enacted privacy legislation is that the New York act goes significantly further in limiting organizations' ability to process, keep, and use personal data. The necessity that a business obtains opt-in authorization from consumers before using their data for any purpose is the single-largest and most essential difference. This is a significant departure from the status quo, as none of the current proposed personal privacy rules demand up-front opt-in authorization. 

The New York Privacy Act differs from other data privacy laws in that it requires enterprises to submit thorough disclosures regarding the activities of any third parties to whom they provide personal data. Businesses must also make disclosures about their automated decision-making activities, allow customers to contest automated decisions, and undertake and publish analyses on the implications of their automated processes, in accordance with the law. Businesses would also be required to react to customer requests to update personal data, which is comparable to the CCPA and CRPA regulations in California.

To put it another way, this law goes significantly further than other similar data privacy measures. As a result, if the law passes, it will likely necessitate a large amount of work to ensure that any entity dealing with personal data is able to comply with the new limits and laws.

Recent Updates on the New York Privacy Law

On February 8th, state Senator Kevin Thomas(D) presented S6701A, the New York Privacy Act, which passed out of the Consumer Protection Committee. Consumers will have the right to notice, opt-in for data processing, access, portability, correction, and deletion under the proposed legislation. Consumers in financial services, housing, public accommodations, insurance, and health care services would be able to appeal automated decision-making under the measure. Consumers cannot be treated unfairly if they do not opt-in. The Attorney General would be in charge of enforcing the bill, which includes a PRA. The bill will now be sent to the Internet and Technology Committee for consideration. The session in New York will end on June 2nd 2022.

When Will the New York Privacy Law be Passed?

To be clear, at the time of this writing, this law has not yet been passed, and there is no way of knowing when it will become law. The New York Privacy Act will not take effect until it has been enacted by the New York Senate and signed into law by the Governor. Sections 1101, 1102, 1103, 1105, 1106, and 1107 of the New York Privacy Act will take effect two years after it is signed into law. It will take three years for the private right of action to take effect.

Conclusion

Several new bills have been proposed in the last two years, resulting in a more severe and localized data privacy landscape in the United States. CCPA, SHIELD, Nevada Privacy Law, and Maine Privacy Law are examples of state-level regulations that herald a new era in which residents' privacy and the need to protect their personal data are prioritized (at all times). Installing policies, methods, and ethics that enable data privacy as a supreme denominator of their commercial operations is a notable step for enterprises and other entities subject to these regulations. For enterprises to survive and grow in marketplaces controlled by data privacy laws, they must play by the rules.

The New York Privacy Law is similar in that it requires businesses to manage consumer data responsibly and in accordance with laws in order to secure complete data privacy. Failure to comply can result in hefty penalties, and achieving compliance necessitates in-depth knowledge and prompt action. Luckily, Data Sentinel is here to help your organization improve its compliance strategy, no matter what law comes into play.

Let's talk

Ready To Discuss Your Data Challenges?

Contact us

you may also like