đşđ¸ US-New York
Informations
Extracts :
Extract :
""Consumer" means a natural person who is a New York resident acting only in an individual or household context. It does not include a natural person known to be acting in a professional or employment context."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
""Consumer" means a natural person who is a New York resident acting only in an individual or household context. It does not include a natural person known to be acting in a professional or employment context."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
""Controller" means the person who, alone or jointly with others, determines the purposes and means of the processing of personal data." ""Processor" means a person that processes data on behalf of the
21 controller."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Jurisdictional scope. 1. This article applies to legal persons that conduct business in New York or produce products or services that are targeted to residents of New York, and that satisfy one or more of the following thresholds:
(a) have annual gross revenue of twenty-five million dollars or more;
(b) controls or processes personal data of fifty thousand consumers or more; or
(c) derives over fifty percent of gross revenue from the sale of personal data."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no information on this in SB 365.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Yet unlike most other famous privacy laws, the NYPA does not include a category of âsensitive dataâ that usually requires many of its own unique controls and handling laws. "
2023
Reference :
Everything You Need To Know About The New York Privacy Act 2021
Information about New York SB 365
Link to reference Extracts :
Extract :
"Yet unlike most other famous privacy laws, the NYPA does not include a category of âsensitive dataâ that usually requires many of its own unique controls and handling laws. "
2023
Reference :
Everything You Need To Know About The New York Privacy Act 2021
Information about New York SB 365
Link to reference Extracts :
Extract :
"Yet unlike most other famous privacy laws, the NYPA does not include a category of âsensitive dataâ that usually requires many of its own unique controls and handling laws. "
2023
Reference :
Everything You Need To Know About The New York Privacy Act 2021
Information about New York SB 365
Link to reference Extracts :
Extract :
"Yet unlike most other famous privacy laws, the NYPA does not include a category of âsensitive dataâ that usually requires many of its own unique controls and handling laws. "
2023
Reference :
Everything You Need To Know About The New York Privacy Act 2021
Information about New York SB 365
Link to reference Extracts :
Extract :
"Yet unlike most other famous privacy laws, the NYPA does not include a category of âsensitive dataâ that usually requires many of its own unique controls and handling laws. "
2023
Reference :
Everything You Need To Know About The New York Privacy Act 2021
Information about New York SB 365
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Whenever it appears to the attorney general, either upon complaint or otherwise, that any person or persons has engaged in or is about to engage in any of the acts or practices stated to be unlawful under this article, the attorney general may bring an action or special proceeding in the name and on behalf of the people of the state of New York to enjoin any violation of this article, to obtain restitution of any moneys or property obtained directly or indirectly by any such violation, to obtain disgorgement of any profits obtained directly or indirectly by any such violation, to obtain civil penalties of not more than twenty thousand dollars per violation, and to obtain any such other and further relief as the court may deem proper, including preliminary relief."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Extracts :
Extract :
There is no information on this in the New York Privacy Act or any other reference.
Extracts :
Extract :
There is no information on this in any of the bills.
Extracts :
Extract :
"Creates a private right of action (effective two years after the Actâs effective date) for specific violations of the Act. Plaintiffs may seek compensatory damages, injunctive and declaratory relief, and reasonable attorneysâ fees. For suits brought pursuant to this private right of action, Act establishes a 45-day cure period for small businesses. "
2023
Reference :
State Comprehensive Privacy Law Update â May 1, 2023
State Comprehensive Privacy Law Update â May 1, 2023 | Wilmere Hale
Link to reference Extracts :
Extract :
There is no information on this in any of the bills.
Extracts :
Extract :
There is no information on this in any of the bills.
Extracts :
Extract :
"Whenever it appears to the attorney general, either upon complaint or otherwise, that any person or persons has engaged in or is about to engage in any of the acts or practices stated to be unlawful under this article, the attorney general may bring an action or special proceeding in the name and on behalf of the people of the state of New York to enjoin any violation of this article, to obtain restitution of any moneys or property obtained directly or indirectly by any such violation, to obtain disgorgement of any profits obtained directly or indirectly by any such violation, to obtain civil penalties of not more than twenty thousand dollars per violation, and to obtain any such other and further relief as the court may deem proper, including preliminary relief."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no information on this in any of the bills of NY.
Extracts :
Extract :
Extracts :
Extract :
"A controller shall regularly conduct and document a data protection assessment for each of the controller's processing activities that presents a heightened risk of harm to a consumer. For the purposes of this section, processing that presents a heightened risk of harm to a consumer includes: (A) the processing of personal data for the purposes of targeting advertising, (B) the sale of personal data, (C) the processing of personal data for the purposes of profiling, where such profiling presents a reasonably foreseeable risk of (I) unfair or deceptive treatment of, or unlawful disparate impact on consumers, (II) financial, physical or reputational injury to consumers, (III) a physical or other intrusion upon the solitude or seclusion, or the private affairs or concerns of consumers where such intrusion would be offensive to a reasonable person, or (IV) other substantial injury to consumers; and (D) the processing of sensitive data."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
""De-identified data" means information that does not identify and is not linked or reasonably linkable to a distinct individual or a device, regardless of whether the information is aggregated, and if the covered entity or service provider:
(a) takes reasonable technical measures to ensure that the information cannot, at any point, be used to re-identify any individual or device that identifies or is linked or reasonably linkable to an individual;
(b) publicly commits in a clear and conspicuous manner:
(i) to process and transfer the information solely in a de-identified form without any reasonable means for re-identification; and
(ii) to not attempt to re-identify the information with any individual or device that identifies or is linked or reasonably linkable to an individual; and
(c) contractually obligates any person or entity that receives the information from the covered entity or service provider:
(i) to comply with all of the provisions of this paragraph with respect to the information; and
(ii) to require that such contractual obligations be included contractually in all subsequent instances for which the data may be received."
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Any Entity to which the statute applies shall disclose any breach of the security following discovery or notification of the breach in the security of the system to any resident of NY whose private information was, or is reasonably believed to have been, accessed or acquired by a person without valid authorization.
Notice to affected persons is not required if the exposure of private information was an inadvertent disclosure by persons authorized to access private information, and the Entity reasonably determines such exposure will not likely result in misuse of such information, or financial harm to the affected persons or emotional harm in the case of unknown disclosure of online credentials. This determination must be documented in writing and maintained for at least five years. If more than 500 NY residents are affected, the Entity shall provide the written determination to the state Attorney General within ten days after the determination."
2014
Reference :
SECURITY BREACH NOTIFICATION CHART - NY
Information on data breaches in NY | PerkinsCoie
Link to reference Extracts :
Extract :
"If any NY residents are to be notified, the Entity shall notify the state Attorney General, the department of state consumer protection board, and the division of state police as to the timing, content and distribution of the notices and approximate number of affected persons and shall provide a copy of the template notice sent to affected persons. The state AGâs website has a form to be used for notifications."
2014
Reference :
SECURITY BREACH NOTIFICATION CHART - NY
Information on data breaches in NY | PerkinsCoie
Link to reference Extracts :
Extract :
There is no mention of this in the official text SB 3162.
2023
Reference :
SB 3162
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no mention of this in the official text SB 3162.
2023
Reference :
SB 3162
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no mention of this in the official text SB 3162.
2023
Reference :
SB 3162
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Controllers must develop, implement, and maintain reasonable safeguards to protect the security, confidentiality and integrity of the personal data of consumers including adopting reasonable administrative, technical and physical safeguards appropriate to the volume and nature of the personal data at issue."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"A controller must allow consumers the right to opt out, at any time, of processing personal data concerning the consumer"
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Upon a verified request, and to the extent technically feasible, the controller must: (a) provide to the consumer a copy of all of, or a portion of, as designated in a verified request, the consumer's personal data in a structured, commonly used and machine-readable format and (b) transmit the data to another person of the consumer's or their agent's designation without hindrance."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is too much information to put here but there is direct provision by the NY Privacy Act for this right.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Right to notice. (a) Notice. Each controller that processes a consumer's personal data must make publicly and persistently available, in a conspicuous and readily accessible manner, a notice containing the following: (i) a description of the consumer's rights under subdivisions two through seven of this section and how a consumer may exercise those rights, including how to withdraw consent;
(ii) the categories of personal data processed by the controller and by any processor who processes personal data on behalf of the controller;
(iii) the sources from which personal data is collected;
(iv) the purposes for processing personal data; (v) the categories of third parties to whom the controller disclosed, shared, transferred or sold personal data and, for each category of
third party, (A) the categories of personal data being shared, disclosed, transferred, or sold to the third party, (B) the purposes for which personal data is being shared, disclosed, transferred, or sold to the third party, (C) any applicable retention periods for each category of personal data processed by the third parties or processed on their behalf, or if that is not possible, the criteria used to determine the period, and (D) whether the third parties may use the personal data for targeted advertising; (vi) the controller's retention period for each category of personal data that they process or is processed on their behalf, or if that is not possible, the criteria used to determine that period; and (vii) for controllers engaging in targeted advertising, average expected revenue per user (ARPU) or a similar metric for the most recent fiscal year for the region that covers New York."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"A covered entity may not transfer or direct the transfer of the covered data of a covered minor to a third party if the covered entity:
(i) has knowledge that the individual is a covered minor; and
(ii) has not obtained affirmative express consent from the covered minor or the covered minor's parent or guardian."
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Upon the verified request of a consumer, a controller shall:
(a) confirm whether or not the controller is processing or has processed personal data of that consumer, and provide access to a copy of any such personal data in a manner understandable to a reasonable consumer when requested; and (b) provide the category of each processor or third party to whom the controller disclosed, transferred, or sold the consumer's personal data and, for each category of processor or third party, (i) the categories of the consumer's personal data disclosed, transferred, or sold to each processor or third party and (ii) the purposes for which each category of the consumer's personal data was disclosed, transferred, or sold to each processor or third party."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is too much information to put here but there is direct provision by the NY Privacy Act for this right.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is too much information to put here but there is direct provision by the NY Privacy Act for this right.
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
""Consent" means a clear affirmative act signifying a freely given, specific, informed, and unambiguous indication of a consumer's agreement to the processing of data relating to the consumer. Consent may be withdrawn at any time, and a controller must provide clear, conspicuous, and consumer-friendly means to withdraw consent."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
"the transfer is necessary to comply with a legal obligation imposed by federal, state, tribal, or local law, or to establish, exercise, or defend legal claims;"
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
"The EU Adequacy Decision allows the DPF to go into effect immediately, allowing organizations in the EEA to transfer personal data to U.S. companies that self-certify to the DPF. The DPF is based on a system of self-certification where U.S. organizations commit to a set of privacy principles identified by the Department of Commerce ("DoC") . These Principles address certain fundamental data privacy principles such as notice, choice (ability to opt out), accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse.
The new safeguards and redress measures controlling personal data collected by U.S. intelligence agencies also have become effective. The safeguards provide detailed guidelines and procedures governing access to personal data, including subpoena and warrant requirements. In addition, the redress measures available to individuals includes investigation of complaints by U.S. Civil Liberties Protection Officers, with appeals going to a newly created Data Protection Review Court. "
2023
Reference :
US and EU Approve Framework for Personal Data Transfers
Information on EU-US data transfer | White & Case
Link to reference Extracts :
Extract :
"colloquially referred to as Convention 108+, was signed by Austria, Belgium, Bulgaria, Czech Republic, Estonia, Finland, France, Germany, Ireland, Latvia, Lithuania, Luxembourg, Monaco, Netherlands, Norway, Portugal, Spain, Sweden, the U.K., and by Uruguay, one of the six non-European states that have so far joined Convention 108. The other five non-European states are Cape Verde, Mauritius, Mexico, Senegal and Tunisia. Another three countries â Argentina, Burkina Faso and Morocco â have also been invited to accede to the treaty."
2018
Reference :
What does the newly signed 'Convention 108+' mean for UK adequacy?
List of countries in the Convention 108
Link to reference Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
Since the APEC applies to the USA Federal, it is assumed that it applied to all states as well.
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
There is no information on this in the legal text.
Extracts :
Extract :
"Beginning one year after the effective date of this article, an executive officer of a large data holder shall annually certify, in good faith, to the division, in a manner specified by the division that the entity maintains:
(a) internal controls reasonably designed to comply with this article;
and (b) internal reporting structures to ensure that such certifying executive officer is involved in and responsible for the decisions that impact the compliance by the large data holder with this article."
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
Although there is no explicit mention of this, one of the requirements of such an officer mentions the word "qualified" -- which is used to assume this conclusion for this requirement.
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"3. (a) A covered entity or service provider that has more than fifteen employees, shall designate:
(i) one or more qualified employees as privacy officers; and
(ii) one or more qualified employees (in addition to any employee
designated under subparagraph (i) of this paragraph) as data security officers.
(b) An employee who is designated by a covered entity or a service provider as a privacy officer or a data security officer pursuant to paragraph (a) of this subdivision shall, at a minimum: (i) implement a data privacy program and data security program to safeguard the privacy and security of covered data in compliance with the requirements of this article; and (ii) facilitate the covered entity or service provider's ongoing compliance with this article. (c) A large data holder shall designate at least one of the officers
described in paragraph (a) of this subdivision to report directly to the highest official at the large data holder as a privacy protection officer who shall, in addition to the requirements in paragraph (b) of this subdivision, either directly or through a supervised designee or designees:
(i) establish processes to periodically review and update the privacy and security policies, practices, and procedures of the large data holder, as necessary;
(ii) conduct biennial and comprehensive audits to ensure the policies,
practices, and procedures of the large data holder ensure the large dataholder is in compliance with this article and ensure such audits are accessible to the division upon request;
(iii) develop a program to educate and train employees about compliance requirements of this article;
(iv) maintain updated, accurate, clear, and understandable records of all material privacy and data security practices undertaken by the large data holder; and
(v) serve as the point of contact between the large data holder and enforcement authorities."
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no information in A 6319/SB 3162/ A 4374/ A 3593/ A 3308/ S 2277/ SB 365/ A 2587/ SB 5555
Extracts :
Extract :
"Right to notice. (a) Notice. Each controller that processes a consumer's personal data must make publicly and persistently available, in a conspicuous and readily accessible manner, a notice containing the following: (i) a description of the consumer's rights under subdivisions two through seven of this section and how a consumer may exercise those rights, including how to withdraw consent;"
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"A covered entity or service provider shall have a privacy policy that includes, at a minimum, the following:
(a) The identity and the contact information of:
(i) the covered entity or service provider to which the privacy policy applies (including the covered entity's or service provider's points of contact and generic electronic mail addresses, as applicable for privacy and data security inquiries); and (ii) any other entity within the same corporate structure as the covered entity or service provider to which covered data is transferred by the covered entity."
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"The categories of personal data processed and purposes for which each category of personal data is processed must be described at a level specific enough to enable a consumer to exercise meaningful control over their personal data but not so specific as to render the notice unhelpful to a reasonable consumer."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extracts :
Extract :
"Right to notice. (a) Notice. Each controller that processes a consumer's personal data must make publicly and
persistently available, in a conspicuous and readily accessible manner,
a notice containing the following:
(i) a description of the consumer's rights under subdivisions two
through seven of this section and how a consumer may exercise those
rights, including how to withdraw consent;
(ii) the categories of personal data processed by the controller and
by any processor who processes personal data on behalf of the controller;
(iii) the sources from which personal data is collected;
(iv) the purposes for processing personal data;
(v) the categories of third parties to whom the controller disclosed,
shared, transferred or sold personal data and, for each category of
third party, (A) the categories of personal data being shared,
disclosed, transferred, or sold to the third party, (B) the purposes for
which personal data is being shared, disclosed, transferred, or sold to
the third party, (C) any applicable retention periods for each category
of personal data processed by the third parties or processed on their
behalf, or if that is not possible, the criteria used to determine the
period, and (D) whether the third parties may use the personal data for
targeted advertising;
(vi) the controller's retention period for each category of personal
data that they process or is processed on their behalf, or if that is
not possible, the criteria used to determine that period; and
(vii) for controllers engaging in targeted advertising, average
expected revenue per user (ARPU) or a similar metric for the most recent
fiscal year for the region that covers New York."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extract :
Extracts :
Extract :
"Right to notice. (a) Notice. Each controller that processes a consumer's personal data must make publicly and
persistently available, in a conspicuous and readily accessible manner,
a notice containing the following:
(i) a description of the consumer's rights under subdivisions two
through seven of this section and how a consumer may exercise those
rights, including how to withdraw consent;
(ii) the categories of personal data processed by the controller and
by any processor who processes personal data on behalf of the controller;
(iii) the sources from which personal data is collected;
(iv) the purposes for processing personal data;
(v) the categories of third parties to whom the controller disclosed,
shared, transferred or sold personal data and, for each category of
third party, (A) the categories of personal data being shared,
disclosed, transferred, or sold to the third party, (B) the purposes for
which personal data is being shared, disclosed, transferred, or sold to
the third party, (C) any applicable retention periods for each category
of personal data processed by the third parties or processed on their
behalf, or if that is not possible, the criteria used to determine the
period, and (D) whether the third parties may use the personal data for
targeted advertising;
(vi) the controller's retention period for each category of personal
data that they process or is processed on their behalf, or if that is
not possible, the criteria used to determine that period; and
(vii) for controllers engaging in targeted advertising, average
expected revenue per user (ARPU) or a similar metric for the most recent
fiscal year for the region that covers New York."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extract :
Extracts :
Extract :
"Right to notice. (a) Notice. Each controller that processes a consumer's personal data must make publicly and
persistently available, in a conspicuous and readily accessible manner,
a notice containing the following:
(i) a description of the consumer's rights under subdivisions two
through seven of this section and how a consumer may exercise those
rights, including how to withdraw consent;
(ii) the categories of personal data processed by the controller and
by any processor who processes personal data on behalf of the controller;
(iii) the sources from which personal data is collected;
(iv) the purposes for processing personal data;
(v) the categories of third parties to whom the controller disclosed,
shared, transferred or sold personal data and, for each category of
third party, (A) the categories of personal data being shared,
disclosed, transferred, or sold to the third party, (B) the purposes for
which personal data is being shared, disclosed, transferred, or sold to
the third party, (C) any applicable retention periods for each category
of personal data processed by the third parties or processed on their
behalf, or if that is not possible, the criteria used to determine the
period, and (D) whether the third parties may use the personal data for
targeted advertising;
(vi) the controller's retention period for each category of personal
data that they process or is processed on their behalf, or if that is
not possible, the criteria used to determine that period; and
(vii) for controllers engaging in targeted advertising, average
expected revenue per user (ARPU) or a similar metric for the most recent
fiscal year for the region that covers New York."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extract :
Extracts :
Extract :
"Right to notice. (a) Notice. Each controller that processes a consumer's personal data must make publicly and
persistently available, in a conspicuous and readily accessible manner,
a notice containing the following:
(i) a description of the consumer's rights under subdivisions two
through seven of this section and how a consumer may exercise those
rights, including how to withdraw consent;
(ii) the categories of personal data processed by the controller and
by any processor who processes personal data on behalf of the controller;
(iii) the sources from which personal data is collected;
(iv) the purposes for processing personal data;
(v) the categories of third parties to whom the controller disclosed,
shared, transferred or sold personal data and, for each category of
third party, (A) the categories of personal data being shared,
disclosed, transferred, or sold to the third party, (B) the purposes for
which personal data is being shared, disclosed, transferred, or sold to
the third party, (C) any applicable retention periods for each category
of personal data processed by the third parties or processed on their
behalf, or if that is not possible, the criteria used to determine the
period, and (D) whether the third parties may use the personal data for
targeted advertising;
(vi) the controller's retention period for each category of personal
data that they process or is processed on their behalf, or if that is
not possible, the criteria used to determine that period; and
(vii) for controllers engaging in targeted advertising, average
expected revenue per user (ARPU) or a similar metric for the most recent
fiscal year for the region that covers New York."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extract :
Extracts :
Extract :
"Right to notice. (a) Notice. Each controller that processes a consumer's personal data must make publicly and
persistently available, in a conspicuous and readily accessible manner,
a notice containing the following:
(i) a description of the consumer's rights under subdivisions two
through seven of this section and how a consumer may exercise those
rights, including how to withdraw consent;
(ii) the categories of personal data processed by the controller and
by any processor who processes personal data on behalf of the controller;
(iii) the sources from which personal data is collected;
(iv) the purposes for processing personal data;
(v) the categories of third parties to whom the controller disclosed,
shared, transferred or sold personal data and, for each category of
third party, (A) the categories of personal data being shared,
disclosed, transferred, or sold to the third party, (B) the purposes for
which personal data is being shared, disclosed, transferred, or sold to
the third party, (C) any applicable retention periods for each category
of personal data processed by the third parties or processed on their
behalf, or if that is not possible, the criteria used to determine the
period, and (D) whether the third parties may use the personal data for
targeted advertising;
(vi) the controller's retention period for each category of personal
data that they process or is processed on their behalf, or if that is
not possible, the criteria used to determine that period; and
(vii) for controllers engaging in targeted advertising, average
expected revenue per user (ARPU) or a similar metric for the most recent
fiscal year for the region that covers New York."
2023
Reference :
SB 365 | New York Privacy Act
Information on New York data protection regulations
Link to reference Extract :
Extracts :
Extract :
Extracts :
Extract :
"maintain updated, accurate, clear, and understandable records of all material privacy and data security practices undertaken by the large data holder;"
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference Extracts :
Extract :
There is no mention of the size of "business" in the official S 3162 text.
2023
Reference :
SB 3162
Information on New York data protection regulations
Link to reference Extracts :
Extract :
No mention of this in A 6319/HB 3162.
2023
Reference :
A 6319
Information on New York data protection regulations
Link to reference | Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| Attorney General | AG | Regulator | Govt authority/ministry |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|---|---|---|---|---|---|---|---|
| A 6319 | American Data Privacy And Protection Act | General privacy/data protection law | null | In legal process | |||||
| SB 3162 | Companion bill | null | In legal process | |||||
| A 4374 | Companion bill | null | In legal process | |||||
| A 3593 | General privacy/data protection law | null | In legal process | |||||
| A 3308 | Digital Fairness Act, companion bill | Companion bill | null | In legal process | |||||
| S 2277 | Digital Fairness Act, companion bill | Companion bill | null | In legal process | |||||
| SB 365 | New York Privacy Act | General privacy/data protection law | 2023 | Signed, upcoming | |||||
| A 2587 | New York Data Protection Act | General privacy/data protection law | null | In legal process | |||||
| SB 5555 | It's Your Data Act | Companion bill | null | In legal process |