§ 995-b. Reporting of cybersecurity incidents. 1. Notwithstanding any\nother provision of law to the contrary, all municipal corporations and\npublic authorities shall report cybersecurity incidents and when\napplicable, the demand of a ransom payment, to the commissioner of the\ndivision of homeland security and emergency services in the form and\nmethod prescribed by such commissioner. Such report shall include\nwhether the reporting municipal corporation or public authority is\nrequesting or declining advice and/or technical assistance from the\ndivision of homeland security and emergency services with respect to the\nreported cybersecurity incident or demand for a ransom payment.\n 2. All municipal corporations and public authorities shall report\ncybersecurity incidents, including demands for ransom payment, no later\nthan seventy-two hours after the municipal corporation or public\nauthority reasonably believes the cybersecurity incident has occurred.\n 3. Any cybersecurity incident report and any records related to a\nransom payment submitted to the commissioner of the division of homeland\nsecurity and emergency services pursuant to the requirements of this\narticle shall be exempt from disclosure under article six of the public\nofficers law.\n
‹ Prev All New York sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.