New York Attorney General, Eric. T. Schneiderman, stated in a recent press release that 9.2 million New Yorkers had their personal data compromised in 2017. Such data compromises were mainly due to large scale data hacks, such as the Equifax and Game Stop hacks. According to the NYAG office’s report, 1,583 data breaches were reported to the NYAG in 2017. This was quadruple the number from 2016. While hacking was the most likely culprit the AG indicated, a large number of breaches resulted from negligence.

In the report, the NYAG’s office laid out several steps it believes would help organizations protect sensitive personal information against unauthorized disclosures. These include conducting diligence about Understand collection, protection and dissemination of sensitive information, creating -and implementing- an information security plan that includes encryption, and acting immediately in the event of a breach.

In the press release, Attorney General Schneiderman advocated for a bill to force Facebook and other social media websites to inform consumers if their personal data has been misused. Attorney General Schneiderman also called on the New York State legislature to pass his SHIELD Act. If passed, the SHIELD Act, would put legal responsibility on companies to adopt “reasonable” administrative, technical and physical safeguards for sensitive data and would trigger more stringent reporting requirements.

Putting in Into Practice: The AG’s recent report provides insight on what the NYAG’s expectations are of companies who suffer a data incident, and how they can prepare for such an event.