Data Breach

Comptroller DiNapoli's Legislative Program

Legislative Session 2021-2022:

Data Breach – A.7612 (Otis) - Requires the Office of Information Technology Services to notify, within 24 hours following the discovery of a data breach or receiving notice of a data breach or network security breach, the chief information officer or, where appropriate, the chief information security officer of a state entity with which the office shares data of such breach.