§ 209. Notification of a breach of the security of the system or a\nbreach of network security; shared data. 1. The office shall, within\ntwenty-four hours of either being notified of or receiving evidence of a\nbreach of the security of the system, or a breach of network security,\nas defined in paragraphs (a) and (b) of subdivision three of this\nsection, notify the chief information officer, the chief information\nsecurity officer, and where appropriate, the cyber security coordinator\nof any state entity with which it shares data, provides networked\nservices or shares a network connection whose data, services or\nconnection is reasonably suspected to be affected by any such breach.\n 2. The office shall provide the chief information officer, the chief\ninformation security officer, and where appropriate, the cyber risk\ncoordinator of any state entity, who has been notified pursuant to\nsubdivision one of this section, with its plan for remediation of the\nbreach and future protection of such data and network.\n 3. For purposes of this section:\n (a) "Breach of the security of the system" shall have the same meaning\nas defined in paragraph (b) of subdivision one of section two hundred\neight of this article.\n (b) "Breach of network security" shall mean unauthorized access to or\naccess without valid authorization of a computer network which\ncompromises the security, confidentiality, or integrity of such network.\n (c) "State entity" shall have the same meaning as provided by\nparagraph (c) of subdivision one of section two hundred eight of this\narticle.\n
‹ Prev All New York sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.