General Liability Insurance
Professional Liability Insurance
Errors and Omissions Insurance
Cyber Liability / Data Breach Insurance
Workers' Compensation Insurance
Business Owner’s Policy
Data Breach Insurance
Certificate of Liability Insurance
Additional Insurance Offerings
4.9 out of 5 Customer Rating
Get in-depth information on essential insurance coverages.
Certificate of Liability insurance
New York businesses that experience a harmful data breach must notify affected New York residents as soon as possible by mail, phone, or email. If the security breach affects more than 500,000 people, or the cost of notification exceeds
$250,000, businesses can use public service announcements instead. A breach that affects more than 5,000 people needs to be reported to all credit-reporting agencies. Whenever New York residents are notified about
their compromised data, the state attorney general, Department of State, and Office of Information Technology Services must also be informed.
Name of Law / Statute
Definition of Protected Information
Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or
access codes, but instead of just name + data, any identifying info/mark + data works
Who Is Subject to Law?
Any person or business conducting business in the state who licenses or owns PI
Notification of Consumers?
By what means?
Written, phone, or electronic; if >5,000 residents, must notify consumer reporting agencies; specific info must be included in notice
Substitute Notice Threshold?
If cost of notice >$250,000 or involves >500k residents
Notification of authorities / regulators required?
Yes (multiple regulators)
Required reporting form
Greater of $5,000 or $10/resident (capped at $150k)
Credit monitoring requirement?
Private lawsuits allowed?
Private damages cap?
Regulatory actions allowed?
HIPAA Compliance exemption?
Other (e.g., timeframe)
Law does not apply if PI was encrypted (unless encryption was compromised)
Link to complete law
Read the full text of New York’s data breach law.