If signed into law by the governor, the legislation would expand the scope of information that could trigger a breach notification to affected consumers, and it would require businesses to have reasonable data security safeguards in place.
“These are basic measures that should have been implemented long ago, but New York is ahead of many other states at this point,” said Grabowski, who teaches cyber law at Adelphi University.