X
Bientôt fans, merci !
Pourquoi pas vous ?
Facebook J'aime Paris 1
Accueil » Droit du Numérique, Administration - Entreprises » Bibliothèque numérique du droit de l'administration électronique » Droit » USA » Text of New York State Bill S05590 STATE OF NEW YORK 5590 A 1999-2000 Regular Sessions INSENATE May 6, 1999

Text of New York State Bill S05590 STATE OF NEW YORK 5590 A 1999-2000 Regular Sessions INSENATE May 6, 1999

Text of New York State Bill S05590 S T A T E O F N E W Y O R K 5590 A 1999-2000 Regular Sessions I N S E N A T E May 6, 1999


Introduced by Sen. NOZZOLIO - read twice and ordered printed, and when printed to be committed to the Committee on Rules - committee discharged, bill amended, ordered reprinted as amended and recommitted to said committee

AN ACT to amend the executive law, in relation to the Internet privacy policy practices

THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS :

1 Section 1. Legislative intent. Everyday new home pages are created 2 and accessed by thousands of Internet travelers all over the world for a 3 variety of reasons. As the use of the Internet has grown exponentially, 4 the issues of privacy and the use of information gathered via the Inter- 5 net have become of primary importance to most individuals. This legis- 6 lation would require all state agencies and any company doing business 7 with the state to adopt internet privacy policies providing for the 8 following principles of privacy protection : (1) notice/awareness ; (2) 9 choice/consent ; (3) access/participation ; and, (4) integrity/security. 10 S 2. This act shall be known and may be cited as the Internet Privacy 11 Policy Act. 12 S 3. Section 206-a of the executive law is amended by adding a new 13 subdivision 17 to read as follows : 14 17. TO DEVELOP A MODEL ON-LINE SAMPLE PRIVACY NOTICE TO BE MADE AVAIL- 15 ABLE TO ANY PUBLIC OR PRIVATE ENTITY. SUCH MODEL ON-LINE PRIVACY NOTICE 16 SHALL INCLUDE, BUT NOT BE LIMITED TO, THE FOLLOWING INTERNET PRIVACY 17 POLICIES PRACTICES RELATING TO THE DISCLOSURE OF PERSONAL INFORMATION 18 AND DATA COLLECTION : 19 (A) THE NATURE OF PERSONAL INFORMATION OR PERSONAL DATA COLLECTED OR 20 TO BE COLLECTED WITH RESPECT TO THE SUBSCRIBER AND THE NATURE AND USE OF 21 THE INFORMATION OR DATA IF ANY ; 22 (B) THE NATURE, FREQUENCY AND PURPOSE OF ANY DISCLOSURE WHICH MAY BE 23 MADE OF SUCH INFORMATION OR DATA, INCLUDING AN IDENTIFICATION OF THE 24 TYPES OF PERSONS OR PERSON TO WHOM SUCH DISCLOSURE MAY BE MADE ;

EXPLANATION-Matter in ITALICS (underscored) is new ; matter in brackets is old law to be omitted. LBD11212-05-9

S. 5590-A 2

1 (C) THE PERIOD OF TIME THE INFORMATION WILL BE MAINTAINED ; 2 (D) A DESCRIPTION OF THE PROCEDURES BY WHICH THE SUBSCRIBER MAY GAIN 3 ACCESS TO THE INFORMATION ; 4 (E) A DESCRIPTION OF THE MEANS OF INFORMATION OR DATA BEING COLLECTED 5 IF NOT OBVIOUS, SUCH AS PASSIVE COLLECTION THAT ENABLES ELECTRONIC MONI- 6 TORING ; 7 (F) NOTICE INDICATING IF THE REQUESTED INFORMATION OR DATA IS VOLUN- 8 TARY OR REQUIRED, AND THE CONSEQUENCES OF A REFUSAL TO PROVIDE THE 9 REQUESTED INFORMATION ; 10 (G) THE NATURE OF THE STEPS BEING TAKEN BY THE ENTITY TO ENSURE THE 11 CONFIDENTIALITY, INTEGRITY AND QUALITY OF THE DATA ; 12 (H) UPON REQUEST A SUBSCRIBER SHALL BE PROVIDED ACCESS TO ALL PERSONAL 13 INFORMATION REGARDING SUCH SUBSCRIBER THAT IS COLLECTED AND MAINTAINED 14 BY A STATE AGENCY VIA AN INTERACTIVE COMPUTER SERVICE. SUCH INFORMATION 15 SHALL BE MADE AVAILABLE AT REASONABLE TIMES AND AT A CONVENIENT LOCATION 16 TO THE SUBSCRIBER. COMPUTER-BASED TELECOMMUNICATIONS MAY BE THE MEANS BY 17 WHICH SUCH INFORMATION IS PROVIDED TO THE SUBSCRIBER. THE SUBSCRIBER 18 SHALL BE PROVIDED REASONABLE OPPORTUNITY BY THE INTERACTIVE COMPUTER 19 SERVICE TO CORRECT ERRORS IN PERSONAL INFORMATION AND THE INTERACTIVE 20 COMPUTER SERVICE SHALL PROMPTLY CORRECT SUCH INFORMATION. IF THE INTER- 21 ACTIVE COMPUTER SERVICE IS UNABLE TO RESOLVE ANY REMAINING DIFFERENCES, 22 A SUBSCRIBER SHALL ALSO BE PROVIDED WITH THE OPPORTUNITY TO FILE A 23 STATEMENT OF EXPLANATION CONCERNING THE NATURE OF ANY DISPUTE. 24 S 4. The executive law is amended by adding a new section 33 to read 25 as follows : 26 S 33. INTERNET PRIVACY POLICY. 1. AS USED IN THIS SECTION, THE 27 FOLLOWING TERMS SHALL HAVE THE FOLLOWING MEANINGS : 28 A. "STATE AGENCY" SHALL MEAN ANY STATE DEPARTMENT, BOARD, BUREAU, 29 DIVISION, COMMISSION, COMMITTEE, PUBLIC AUTHORITY, PUBLIC BENEFIT CORPO- 30 RATION, COUNCIL, OFFICE, OR OTHER GOVERNMENTAL ENTITY PERFORMING A 31 GOVERNMENTAL OR PROPRIETARY FUNCTION FOR THE STATE. 32 B. "INTERACTIVE COMPUTER SERVICE" MEANS THE OFFERING OF A CAPABILITY 33 FOR WEB-BROWSING, GENERATING, ACQUIRING, STORING, TRANSFORMING, PROCESS- 34 ING, RETRIEVING, UTILIZING, TRANSFERRING OR MAKING AVAILABLE INFORMATION 35 USING COMPUTER-BASED TELECOMMUNICATIONS OR VIA MODEM TO THE INTERNET. 36 C. "INTERNET" SHALL MEAN THE INTERNATIONAL COMPUTER NETWORK OF INTER- 37 OPERABLE PACKET SWITCHED DATA NETWORKS ; 38 D. "PERSONAL INFORMATION" OR "PERSONAL DATA" MEANS 39 (1) INFORMATION WHICH IDENTIFIES EITHER A SPECIFIC USER OR SUBSCRIBER, 40 FILE OR SERVICE UTILIZED OR FROM AN INTERACTIVE COMPUTER SERVICE AND THE 41 USER OR SUBSCRIBER AND/OR SUCH USER`S OR SUBSCRIBER`S INTERACTIVE 42 COMPUTER ADDRESS WHO OBTAINED SUCH FILE OR SERVICE. PERSONAL INFORMATION 43 SHALL NOT INCLUDE ANY RECORD OF AGGREGATE DATA WHICH DOES NOT IDENTIFY A 44 FILE OR SERVICE UTILIZED AND A SUBSCRIBER AND/OR SUCH SUBSCRIBER`S 45 INTERACTIVE COMPUTER ADDRESS ; OR 46 (2) INFORMATION COLLECTED OR SUBMITTED VIA THE INTERNET OR WEB-SITE 47 THAT IDENTIFIES A USER OR SUBSCRIBERS HOME/WORK ADDRESS, E-MAIL ADDRESS, 48 PHONE NUMBER, CREDIT/DEBIT CARD INFORMATION, SOCIAL SECURITY NUMBER, 49 BIRTHDATE, GENDER, MARITAL STATUS OR OTHER PERSONAL IDENTIFIER. 50 E. "DISCLOSE" OR "DISCLOSURE" MEANS THE SALE OR RENTAL OF PERSONAL 51 INFORMATION. 52 F. "FILE" MEANS A COLLECTION OF RELATED RECORDS TREATED AS A UNIT. 53 G. "RECORDS" MEANS A GROUP OF DISTINCT DATA ITEMS IN A COMPUTER SYSTEM 54 MANIPULATED AS A UNIT. 55 H. "SUBSCRIBER" OR "USER" SHALL MEAN ANYONE WHO USES A COMPUTER CAPA- 56 BLE OF INTERACTING WITH THE INTERNET.

S. 5590-A 3

1 2. ANY STATE AGENCY WHICH PROVIDES AN INTERACTIVE COMPUTER SERVICE MAY 2 NOT DISCLOSE PERSONAL INFORMATION CONCERNING A SUBSCRIBER TO INTERNAL 3 STAFF OR TO ANY OTHER PERSON, FIRM, PARTNERSHIP OR CORPORATION UNLESS 4 SUCH SUBSCRIBER : (A) HAS RECEIVED THE NOTICE PROVIDED FOR IN SUBDIVISION 5 THREE OF THIS SECTION ; AND (B) HAS EXPRESSLY CONSENTED TO THE DISCLO- 6 SURE. 7 3. AT THE TIME WHEN A STATE AGENCY IS FIRST CONTACTED BY A SUBSCRIBER 8 TO PROVIDE ANY ON-LINE INTERACTIVE SERVICE, INCLUDING BROWSING A SITE, 9 EACH AND EVERY INTERACTIVE COMPUTER SERVICE SHALL PROVIDE NOTICE IN THE 10 FORM OF A SEPARATE STATEMENT TO THE SUBSCRIBER CLEARLY AND CONSPICUOUSLY 11 DISCLOSING THE FOLLOWING TO SUCH SUBSCRIBER : 12 A. THE NATURE OF PERSONAL INFORMATION OR PERSONAL DATA COLLECTED OR TO 13 BE COLLECTED WITH RESPECT TO THE SUBSCRIBER AND THE NATURE AND USE OF 14 THE INFORMATION OR DATA IF ANY ; 15 B. THE NATURE, FREQUENCY AND PURPOSE OF ANY DISCLOSURE WHICH MAY BE 16 MADE OF SUCH INFORMATION OR DATA, INCLUDING AN IDENTIFICATION OF THE 17 TYPES OF PERSONS OR PERSON TO WHOM SUCH DISCLOSURE MAY BE MADE ; 18 C. THE PERIOD OF TIME THE INFORMATION WILL BE MAINTAINED ; 19 D. A DESCRIPTION OF THE PROCEDURES BY WHICH THE SUBSCRIBER MAY GAIN 20 ACCESS TO THE INFORMATION. 21 E. A DESCRIPTION OF THE MEANS OF INFORMATION OR DATA BEING COLLECTED 22 NOT OBVIOUS, SUCH AS PASSIVE COLLECTION THAT ENABLES ELECTRONIC MONITOR- 23 ING. 24 F. NOTICE INDICATING IF THE REQUESTED INFORMATION OR DATA IS VOLUNTARY 25 OR REQUIRED, AND THE CONSEQUENCES OF A REFUSAL TO PROVIDE THE REQUESTED 26 INFORMATION. 27 G. THE NATURE OF THE STEPS BEING TAKEN BY THE STATE AGENCY TO ENSURE 28 THE CONFIDENTIALITY, INTEGRITY AND QUALITY OF THE DATA. 29 4. UPON REQUEST A SUBSCRIBER SHALL BE PROVIDED ACCESS TO ALL PERSONAL 30 INFORMATION REGARDING SUCH SUBSCRIBER THAT IS COLLECTED AND MAINTAINED 31 BY A STATE AGENCY VIA AN INTERACTIVE COMPUTER SERVICE. SUCH INFORMATION 32 SHALL BE MADE AVAILABLE AT REASONABLE TIMES AND AT A CONVENIENT LOCATION 33 TO THE SUBSCRIBER. COMPUTER-BASED TELECOMMUNICATIONS MAY BE THE MEANS BY 34 WHICH SUCH INFORMATION IS PROVIDED TO THE SUBSCRIBER. THE SUBSCRIBER 35 SHALL BE PROVIDED REASONABLE OPPORTUNITY BY THE INTERACTIVE COMPUTER 36 SERVICE TO CORRECT ERRORS IN PERSONAL INFORMATION AND THE INTERACTIVE 37 COMPUTER SERVICE SHALL PROMPTLY CORRECT SUCH INFORMATION. IF THE INTER- 38 ACTIVE COMPUTER SERVICE IS UNABLE TO RESOLVE ANY REMAINING DIFFERENCES, 39 A SUBSCRIBER SHALL ALSO BE PROVIDED WITH THE OPPORTUNITY TO FILE A 40 STATEMENT OF EXPLANATION CONCERNING THE NATURE OF ANY DISPUTE. 41 5. NOTWITHSTANDING SUBDIVISION TWO OF THIS SECTION, A STATE AGENCY MAY 42 DISCLOSE PERSONAL INFORMATION IF THE DISCLOSURE IS : 43 A. NECESSARY TO IN THE ORDINARY COURSE OF BUSINESS AS DEFINED IN 44 STATE LAW ; 45 B. MADE PURSUANT TO A COURT ORDER OR BY LAW ; 46 C. FOR THE PURPOSE OF VALIDATING THE IDENTITY OF THE SUBSCRIBER ; AND, 47 D. IF THE INFORMATION OR DATA IS USED SOLELY FOR STATISTICAL PURPOSES 48 IN AGGREGATE FORM. 49 S 5. This act shall take effect immediately. .SO DOC S 5590A *END* BTXT 1999