File #: Int 0658-2015
Version:
Name: Requiring information security and use of personal information policies for services licensed by taxi and limousine commission.
Type: Introduction
Status: Enacted
Committee: Committee on Transportation
On agenda: 2/12/2015
Enactment date: 4/21/2016
Law number: 2016/043
Title: A Local Law to amend the administrative code of the city of New York, in relation to requiring information security and use of personal information policies for services licensed by taxi and limousine commission
Sponsors: Daniel R. Garodnick, Ydanis A. Rodriguez, Margaret S. Chin, Costa G. Constantinides, Deborah L. Rose, Rafael L. Espinal, Jr., Jumaane D. Williams, Fernando Cabrera, Rosie Mendez, Helen K. Rosenthal, Carlos Menchaca, Ben Kallos
Council Member Sponsors: 12
Summary: This bill requires entities licensed by the Taxi and Limousine Commission to protect passenger information—including names, addresses, credit card information, and any GPS data collected from a passenger traveling in a TLC-licensed vehicle—and to only use that information for purposes the passenger has authorized. Those who misuse personal information would be subject to a penalty of $1,000 per violation.
Indexes: Agency Rule-making Required
Attachments: 1. Legislative History Report, 2. Summary of Int. No 658-A, 3. Summary of Int. No. 658, 4. Int. No. 658 - 2/12/15, 5. Committee Report 2/29/16, 6. Hearing Testimony 2/29/16, 7. Hearing Transcript 2/29/16, 8. Committee Report 4/6/16, 9. Hearing Transcript 4/6/16, 10. April 7, 2016 - Stated Meeting Agenda with Links to Files, 11. Committee Report - Stated Meeting, 12. Hearing Transcript - Stated Meeting 4-7-16, 13. Fiscal Impact Statement, 14. Int. No. 658-A - FINAL, 15. Mayor's Letter, 16. Minutes of the Stated Meeting - April 7, 2016, 17. Local Law 43
Date | Ver. | Prime Sponsor | Action By | Action | Result
4/21/2016 | A | Daniel R. Garodnick | City Council | Recved from Mayor by Council |
4/21/2016 | A | Daniel R. Garodnick | Mayor | Signed Into Law by Mayor |
4/21/2016 | A | Daniel R. Garodnick | Mayor | Hearing Held by Mayor |
4/7/2016 | A | Daniel R. Garodnick | City Council | Sent to Mayor by Council |
4/7/2016 | A | Daniel R. Garodnick | City Council | Approved by Council | Pass
4/6/2016 | * | Daniel R. Garodnick | Committee on Transportation | Hearing Held by Committee |
4/6/2016 | * | Daniel R. Garodnick | Committee on Transportation | Amendment Proposed by Comm |
4/6/2016 | * | Daniel R. Garodnick | Committee on Transportation | Amended by Committee |
4/6/2016 | A | Daniel R. Garodnick | Committee on Transportation | Approved by Committee | Pass
2/29/2016 | * | Daniel R. Garodnick | Committee on Transportation | Hearing Held by Committee |
2/29/2016 | * | Daniel R. Garodnick | Committee on Transportation | Laid Over by Committee |
2/12/2015 | * | Daniel R. Garodnick | City Council | Referred to Comm by Council |
2/12/2015 | * | Daniel R. Garodnick | City Council | Introduced by Council |

Int. No. 658-A

 

By Council Members Garodnick, Rodriguez, Chin, Constantinides, Rose, Espinal, Williams, Cabrera, Mendez, Rosenthal, Menchaca and Kallos

 

A Local Law to amend the administrative code of the city of New York, in relation to requiring information security and use of personal information policies for services licensed by taxi and limousine commission

 

Be it enacted by the Council as follows:

 

Section 1. Section 19-502 of the administrative code of the city of New York is amended by adding new subdivisions aa, bb, and cc to read as follows:

aa. “Breach of the security of the system” has the same meaning as in paragraph c of subdivision 1 of section 899-aa of the general business law.

bb. “Personal information” has the same meaning as in paragraph a of subdivision 1 of section 899-aa of the general business law and includes such information pertaining to passengers and drivers.

cc. “Passenger geolocation information” means information concerning the location of a wireless communication device that, in whole or in part, is generated by or derived from the operation of such device and that could be used to determine or infer information regarding the present, prospective, or historical location of an individual.

§ 2. Chapter 5 of title 19 of the administrative code of the city of New York is amended by adding a new section 19-546 to read as follows:

§ 19-546 Information security and use of personal information. a. All entities licensed by the commission, or authorized by the commission to provide services regulated by the commission, that collect or maintain passenger personal information or passenger geolocation information shall file with the commission an information security and use of personal information policy. Any policy filed pursuant to this section must include, at a minimum, the following provisions:

(i) a statement of internal access policies relating to passenger and driver personal information for employees, contractors, and third party access, if applicable;

(ii) a statement that, except to the extent necessary to provide credit, debit, and prepaid card services and services for any application that provides for electronic payment, personal information will only be collected and used with such passenger’s affirmative express consent and that such personal information will not be used, shared, or disclosed, except for lawful purposes;

(iii) procedures for notifying the commission and affected parties of any breach of the security of the system, pursuant to section 899-aa of the general business law;

(iv) a statement that any credit, debit, or prepaid card information collected by the entity or a credit, debit, or prepaid card services provider is processed by the entity or such provider in compliance with applicable payment card industry standards;

(v) a statement of the entity’s policies regarding the use of passenger geolocation information, which must include, at a minimum, a prohibition on the use, monitoring, or disclosure of trip information, including the date, time, pick-up location, drop-off location, and real-time vehicle location and any retained vehicle location records, without such passenger's affirmative express consent; and

(vi) any other provisions related to the protection of passenger or driver information that the commission may require by rule.

b. Any entity that files an information security and use of personal information policy pursuant to subdivision a of this section shall comply with the terms of such policy.

c. Any entity that has been found to have violated subdivisions a or b of this section shall be subject to a civil penalty of $1,000 for each offense.

§ 3. This local law shall take effect 120 days after its enactment into law, except that the Taxi and Limousine Commission shall take all necessary action, including the promulgation of rules, prior to such effective date.

 

KET 3/30/16 8:14PM

LS 3441/2014