Why it matters
In a new report, the New York Attorney General's Office revealed that it received 459 data breach notices between January 1, 2016, and May 2, 2016, an increase of 40 percent over the same time period in the prior year, when the office received a total of 327 notices.
"Data breaches are an escalating threat to our personal and national security, and companies need to do more to ensure reasonable security practices and best standards are in place to protect our most sensitive information," Attorney General Eric T. Schneiderman said in a press release. "I am committed to stemming the data breach tide. Making notification to my office easier for companies who have experienced a data breach means quicker notification and quicker resolution for New York's consumers."
New York's Information Security Breach and Notification Act requires companies to provide notice to the AG's Office and consumers in the event of a data breach. Last year, the Office received 809 data breach notices. Given the upward trend already visible in the first half of 2016, the Office expects to receive "well over 1,000 notices" this year, Attorney General Schneiderman said—a new record high.
To improve efficiency with the increased volume, the AG's Office provided companies with the ability to file notice electronically via a submission form on the Office's website. Previously, companies were required to mail, fax, or e-mail their notices.
In addition to details about the entity breached, the form requires companies to select a description of the breach (an external systems breach, for example, or insider wrongdoing), as well as the information acquired in combination with a name or other personal identifier (such as a Social Security number or financial information). Entities must report the total number of consumers affected, and how many New Yorkers were impacted, along with the dates of the breach and when it was discovered. A copy of the notice to affected consumers must be provided to the AG's Office, along with information about whether the company has suffered any other breach notifications within the prior 12 months.
Attorney General Schneiderman has kept a close eye on data breaches in the state during his tenure, releasing a report in 2014 titled "Information Exposed: Historical Examination of Data Security in New York State." Analyzing eight years of security breach data for the state, the report found that the number of reported data security breaches in New York more than tripled between 2006 and 2014. The roughly 5,000 data breaches impacted 22.8 million personal records of New Yorkers, according to the report, with hacking intrusions by third parties the number-one cause of breaches.
To read the AG's press release, click here.
To view the New York State security breach reporting web submission form, click here.