Last Thursday, State Attorney General Eric Schneiderman announced that he will propose legislation to “overhaul” the state’s data security laws.  His proposal would set baseline data security standards, expand the state’s data breach notification law to include information such as login credentials and medical history, and also create a “safe harbor” for companies that implement heightened security.

Last July, Schneiderman’s office issued a report which found that the number of reported data security breaches in New York State more than tripled between 2006 and 2013. During that period, 22.8 million personal records of New Yorkers were exposed in nearly 5,000 data breaches, which cost the state’s public and private sectors some $1.37 billion in 2013.

Attorney General Schneiderman said:

“With some of the largest-ever data breaches occurring in just the last year, it’s long past time we updated our data security laws and expanded protections for consumers….Our new law will be the strongest, most comprehensive in the nation. Let’s act now to make our state a national model for data privacy and security.”