201912.200

Will New York be Next to Enact a Robust Privacy Law?

Technology has driven disruption in virtually every industry and created an opportunity for businesses to compete in manners previously thought impossible but, with such opportunities, new regulations have emerged at both the state and federal level. Specifically, most businesses have elected to implement new policies, procedures, and safeguards to ensure compliance with the California Consumer Privacy Act (“CCPA”) and the European Union General Data Protection Regulation (“GDPR”). However, one more law that might be added to the list is the New York Privacy Act, currently under consideration by the New York State Legislature.


The New York State Senate, not to be left behind California and the EU, has been actively discussing the New York Privacy Act, which proposes to be the most robust consumer privacy and data protection regulation passed in the United States. The proposed law will regulate any use, storage, or disclosure of personal data of a consumer, and will apply to anyone that does business in New York. These principals are similar to those included in the GDPR and CCPA, however, New York intends to bolster these rules by adding a fiduciary duty, further transparency, and additional notice obligations.


The latest hearing by the New York State Senate in November of 2019 suggested the legislature would be reluctant to pass the legislation if the United States Congress ultimately passes federal legislation, but noted that failure to move at a federal level will result in state legislation. For businesses, this would mean further adjustments to privacy, data security, and technology policies and procedures. Given the myriad of regulations and their evolving nature, each business will need to evaluate how they intend to comply with the regulations and monitor new obligations. As always, the attorneys at Vandenack Weaver are available to provide assistance with these matters.