New York Privacy Act 2021: An Insight

Written By Pravin Mehta

Updated on Jun 23, 2021

New York lawmakers have proposed several consumer privacy protection bills in 2021. Amongst these, Senate Bill S6701 and its companion Assembly Bill A680A are two prominent bills that propose the enactment of the New York Privacy Act 2021.

Senate Bill S6701, introduced on May 12 in the State of New York 2021-2022 Regular Sessions, advanced to the Third Reading on May 24 and is now on the Floor Calendar for final voting. Likewise, Assembly Bill A680A was amended and recommitted to the Committee on Consumer Affairs and Protection on May 27 and is slated to appear for voting on the Floor Calendar.

The passing of these bills will result in the enactment of the New York Privacy Act that will focus on protecting consumers’ personal data and privacy. The NY Privacy Act obligates companies to disclose their methods of de-identifying personal data and install safeguards for personal data sharing. It also empowers consumers with the right to know the details of the entities having access to their data.

New York Senate Privacy Act 2021— Purpose & Key Provisions

As per S6701 (ACTIVE) – SPONSOR MEMO, the NY Senate Privacy Act is focused on helping New York citizens regain their privacy by obligating companies to obtain consumers’ consent before processing their personal data. The Law empowers New York consumers to exercise greater control over their personal information and sets forth provisions for businesses to manage personal data responsibly and lawfully.

The following are the key provisions to protect consumer data privacy in NY Privacy Act 2021:

1. Right to Notice

The Law requires companies to notify the consumers of the following:

  • Consumers’ rights, including withdrawal of consent, concerning their data
  • Categories of personal data processed by the company or any third-party entity
  • Identity of all parties to whom the company discloses, shares, transfers, or sells the personal data
  • The source and purpose of data collection & processing
  • The retention period for each category of personal data collected & processed
  • Whether the personal data is used for targeted advertising and the expected Average Revenue Per User (ARPU) generated through targeted advertising

2. Opt-in Consent

The New York Privacy Act mandates the companies to seek unambiguous and informed opt-in consent from consumers to allow the following:

  • Processing of personal data
  • Changes in the purpose, method, or scope of collecting personal data

The company’s request for opt-in consent must clearly describe the category and purpose for collecting & processing the data. It should clearly present the option to provide only the consent necessary for particular services or goods and provide a clear option to deny consent. The Law also requires the opt-in consent request to include the details of any third party involvement for sharing, disclosing, transferring, or selling the personal data. Additionally, the consent request must comprise the categories and retention period of such data. 

3. Right to Access, Port, & Correct Data

As per the New York Privacy Act, companies must take the following actions on receipt of a valid request from a consumer:

  • Confirm whether the personal data is processed
  • Provide access to the consumer’s personal data in a structured and machine-readable format
  • Provide the identity of each processor, including third parties to whom personal data is disclosed, transferred, or sold
  • The category of personal data shared and its purpose
  • Freely transmit the data to another person as per the consumer’s specification
  • Investigate any inaccuracies brought up in the personal data by a consumer and correct those as necessary within a defined timeframe.

4. Right to Delete

The NY Privacy Act empowers consumers to request permanent deletion of their personal data in possession of companies. The “Right to Delete” lays down the following mandates for companies:

  • A company or controller must delete the consumer’s personal data upon receipt of a verified request for deletion
  • The company should communicate the deletion request to all the third parties to whom it had shared or disclosed the personal data.
  • The company should delete the personal data associated with deleted user accounts.
  • A company must establish procedures to avoid any reoccurrence of the deleted data in its systems.

Other provisions under the Consumer Rights section of the New York Privacy Act 2021 include automated decision-making, responding to requests, and implementation and non-waiver of rights.

NY Privacy Act [Section 1103]: A Note on Personal Data Protection

Section 1103 of the New York Privacy Act obligates companies to develop, implement, and maintain adequate measures to protect the security, confidentiality, and integrity of consumers’ personal data. It categorically states that companies collecting personal data should restrict its use and retention to the extent necessary to provide the service and only for the duration of the opt-in consent.

The Law states that companies must dispose of all redundant personal data at least annually, or at the latest by the end of the consent duration. While meeting these obligations, companies must not discriminate against consumers exercising their rights in accordance with the New York Privacy Act.

Jurisdictional Scope & Exemptions

The New York Privacy Act applies to all legal entities that conduct business in New York or target products or services to New York residents and meet the following conditions:

  • Have annual gross revenue of US$25 million or more
  • Control or process the personal data of 100,000 consumers or more
  • Control or process the personal data of 500,000 natural persons or more nationwide, and control or process the personal data of 10,000 consumers
  • Generate more than 50% of gross revenue by selling personal data and control or process the personal data of 25,000 consumers or more.

The following types of personal data are exempt under the NY Privacy Act:

  • Personal data processed by government bodies for processes other than sale
  • Personal data collected, processed, sold, or disclosed in accordance with Gramm-Leach-Bliley Act, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, U.S.C. Sec. 1232g, Farm Credit Act of 1971, section two-d of the education law.
  • Data maintained for employment records, patient identifying information, protected health information, data collected for research on human subjects like clinical trials, etc., is exempt.

New York Privacy Act: Know the Penalties

Violation of the NY Privacy Act can result in a civil penalty of up to $15,000 per violation based on nature, severity, duration, willfulness, and persistence of the misconduct. The Law counts unlawful processing of every consumer’s personal data individually, i.e., for every 10 instances, the penalty could sum up to $150,000.

NY Privacy Act, SHIELD Act, CCPA, & GDPR— Quick Comparison

In recent years, the world has seen the emergence of many data protection laws like GDPR, CCPA, & the like. The below table summarizes their similarities and differences:

| Points of Consideration | NY Privacy Act | SHIELD Act | CCPA | GDPR |
|---|---|---|---|---|
| Official Title | New York Privacy Act – Senate Bill S6701 | Stop Hacks and Improve Electronic Data Security Act – Senate Bill S5575B | California Consumer Privacy Act of 2018 | General Data Protection Regulation (EU) 2016/679 |
| Official Summary | “Enacts the NY privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared.” | “Relates to notification of a security breach; includes credit and debit cards; increases civil penalties.” | “The California Constitution provides for the confidentiality of personal information & requires a business or person that suffers a breach of security of computerized data to disclose that breach, as specified.” | “The toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.” |
| Key Objective | Help New Yorkers regain their privacy | Widen the scope of information covered under the data breach notification law | Give consumers more control over their personal data collected by businesses | Protect the personal data of natural persons in the EU |
| Territorial Scope | New York | New York | California | European Union |
| Jurisdictional Scope | Entities conducting business in New York and meet specific criteria | Companies holding the data of New York residents | For-profit businesses operating in California and meet specific conditions | Company or entity that processes personal data and has a branch in EU, or companies outside of EU monitoring the behavior of EU residents or selling to them |
| Key Provisions | Right to Notice; Opt-in consent; Right to access, port, & correct data; Right to delete | Notification of data breach to the affected individuals, Attorney General, New York Department of State, and the Office of IT Services | Right to know; Right to delete; Right to opt-out; Right to non-discrimination | Right to access; Right to restriction of processing; Right to portability; Right to rectification; Right to object; Right to erasure |
| Max. Penalty | Up to $15,000 per violation | Up to $250,000 | Up to $7,500 per intentional violation; up to $2500 per unintentional violation | €20 Million or 4% of global revenue |

New York Privacy Act— the Era of Localized Laws Has Arrived

In the past two years, the proposal of several new bills has led to the shaping of a more stringent and localized data privacy landscape in the US. Regulations like CCPA, SHIELD, Nevada Privacy Law, and Maine Privacy Law are some of these state-level laws, heralding an era that prioritizes the resident consumers’ privacy and the need for securing their personal data (at all times). A standout action for businesses and other entities in the purview of these laws is to install policies, practices, and ethics that enable data privacy as a supreme denominator of their commercial operations. “Playing by the rulebook” is crucial for businesses to sustain and thrive in the markets governed by data privacy laws.

The New York Privacy Law is no different in that it obligates companies to handle consumer data responsibly, in line with the mandates, to ensure total data privacy. Failing to comply can lead to significant penalties, and in-depth know-how and timely action are imperative for attaining compliance!
