File #: Res 0783-2025    Version: * Name: Enacting the New York Data Protection Act. (S. 4860)
Type: Resolution Status: Committee
Committee: Committee on Technology
On agenda: 2/27/2025
Enactment date: Law number:
Title: Resolution calling on the New York State Legislature to pass, and the Governor to sign, S.4860, in relation to enacting the New York Data Protection Act.
Sponsors: Nantasha M. Williams, Chris Banks
Council Member Sponsors: 2
Attachments: 1. Res. No. 783, 2. February 27, 2025 - Stated Meeting Agenda, 3. Hearing Transcript - Stated Meeting 2-27-25

Res. No. 783

 

Resolution calling on the New York State Legislature to pass, and the Governor to sign, S.4860, in relation to enacting the New York Data Protection Act.

 

By Council Members Williams and Banks

 

Whereas, Advances in digital technologies have enabled governments to collect and analyze vast amounts of data to inform decisions and develop effective policies; and

Whereas, Data-driven policymaking may sometimes require the collection of personally identifiable information, which is information that can be plausibly linked directly or indirectly to an individual, such as a name, social security number, or biometric information; and

Whereas, Personally identifiable information is often stored on information technology systems that can be targets of potential bad actors that wish to access this information for use in subsequent criminal activity; and

Whereas, According to the federal office of management and budget, in 2023, 11 major information security incidents occurred within federal agencies that likely resulted in demonstrable harm to national security interests or likely involved personally identifiable information that, if compromised, would harm national security interests; and

Whereas, These information security incidents can also occur at the state and local level, such as in 2022 when cyber criminals gained access to Suffolk county’s information technology system, stole social security numbers and driver’s license numbers of Suffolk county residents, and published this information on the dark web; and

Whereas, In recent years, the New York state legislature has passed several pieces of legislation that enhanced the privacy protection of health data, required companies to report information security incidents within 30 days, and required companies that handle personal information to create and implement plans to safeguard personal information; and

Whereas, While these laws regulate interactions between the private sector and the state of New York’s residents, there is also a need to regulate how the state government itself collects and manages the personally identifiable information of individuals; and

Whereas, S.4860, introduced by state senator James Sanders Jr. and pending in the New York state senate, would confer the right to be informed of personally identifiable information collected by state government agencies and state government contractors and the right to delete such personally identifiable information collected by state government agencies and state government contractors; and

Whereas, This legislation would restrict how personally identifiable information collected by one state government agency can be shared with another state government agency, and would prohibit state government agencies and state government contractors from selling the personally identifiable information collected; and

Whereas, A state law informing New York residents of the categories and specific kinds of personally identifiable information that government agencies or government contractors collect, and allowing them to request the deletion of such information, would provide individuals with an additional tool that could be used to protect their privacy; now, therefore, be it

Resolved, That the Council of the City of New York calls on the New York state legislature to pass, and the governor to sign, S.4860, in relation to enacting the New York data protection act.

 

 

DJS

LS #18600

02/21/2025