According to a spokesperson from bill sponsor Sen. Liz Krueger’s office, the State Comptroller’s Office drafted the legislation after the Office of Information Technology Services discovered a data breach in January 2020.
At the time, the spokesperson said, those affected by the breach were not notified until months after the issue was made public in a Wall Street Journal article.
As a result, the legislation was drafted to ensure that ITS was not only responsible for informing impacted agencies about a breach, but would also be required to share plans to remediate the issue and prevent future breaches.
“We believe that the bill as amended strikes a proper balance between ensuring the timely sharing of information with state agencies and allowing ITS and others to quickly and aggressively respond in the event a breach should occur,” state CIO Angelo Riddick said via email.
“At ITS,” he continued, “We take every threat seriously and utilize endpoint detection and other measures to perform 24/7 global monitoring of the state’s network and communicate with agencies about cyber issues on a regular basis.”
As a result, he added, ITS strongly supports the efforts of the governor and members of the Legislature to shine a light on how important cybersecurity is to the overall health of New York state, especially in light of the increase in potential threats that information security is now seeing.
The bill is currently in effect, with ITS adopting its procedures accordingly.
