S T A T E O F N E W Y O R K
________________________________________________________________________
5245
2019-2020 Regular Sessions
I N S E N A T E
April 18, 2019
___________
Introduced by Sen. KENNEDY -- read twice and ordered printed, and when
printed to be committed to the Committee on Consumer Protection
AN ACT to amend the general business law, in relation to the sale of
personal information by an internet service provider
THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
BLY, DO ENACT AS FOLLOWS:
Section 1. The general business law is amended by adding a new section
349-f to read as follows:
§ 349-F. SALE, TRANSFER, OR SHARING OF PERSONAL INFORMATION BY AN
INTERNET SERVICE PROVIDER. 1. AS USED IN THIS SECTION:
(A) "PERSONAL INFORMATION" SHALL MEAN ANY INFORMATION THAT, WHEN IT IS
DISCLOSED, IDENTIFIES, DESCRIBES, OR IS ABLE TO BE ASSOCIATED WITH AN
INDIVIDUAL AND INCLUDES, BUT IS NOT LIMITED TO, THE FOLLOWING:
(I) AN INDIVIDUAL'S NAME AND ADDRESS;
(II) INFORMATION PERTAINING TO CREDITWORTHINESS, ASSETS, INCOME OR
LIABILITIES;
(III) AGE OR DATE OF BIRTH;
(IV) NAMES OF CHILDREN;
(V) ELECTRONIC MAIL OR OTHER ADDRESSES OF CHILDREN;
(VI) NUMBER OF CHILDREN;
(VII) THE AGE OR GENDER OF CHILDREN;
(VIII) HEIGHT;
(IX) WEIGHT;
(X) RACE;
(XI) RELIGION;
(XII) OCCUPATION;
(XIII) TELEPHONE NUMBER;
(XIV) EDUCATION;
(XV) POLITICAL PARTY AFFILIATION;
(XVI) MEDICAL CONDITION;
(XVII) DRUGS, THERAPIES, OR MEDICAL PRODUCTS OR EQUIPMENT USED;
EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
[ ] is old law to be omitted.
LBD03958-01-9
S. 5245 2
(XVIII) THE KIND OF PRODUCT THE CUSTOMER PURCHASED, LEASED, OR RENTED;
(XIX) REAL PROPERTY PURCHASED, LEASED, OR RENTED;
(XX) THE KIND OF SERVICE PROVIDED;
(XXI) SOCIAL SECURITY NUMBER;
(XXII) BANK ACCOUNT NUMBER;
(XXIII) CREDIT CARD NUMBER;
(XXIV) DEBIT CARD NUMBER;
(XXV) BANK OR INVESTMENT ACCOUNT, DEBIT CARD, OR CREDIT CARD BALANCE;
(XXVI) PAYMENT HISTORY;
(XXVII) INTERNET SEARCHES; OR
(XXVIII) BROWSER CACHE.
(B) "PROVIDER OF INTERNET SERVICE" SHALL MEAN ANY PERSON, BUSINESS OR
ORGANIZATION QUALIFIED TO DO BUSINESS IN THIS STATE THAT PROVIDES INDI-
VIDUALS, CORPORATIONS, OR OTHER ENTITIES WITH THE ABILITY TO CONNECT TO
THE INTERNET THROUGH EQUIPMENT THAT IS LOCATED IN THIS STATE.
2. A PROVIDER OF INTERNET SERVICE SHALL KEEP CONFIDENTIAL:
(A) ALL PERSONAL INFORMATION CONCERNING A SUBSCRIBER, OTHER THAN THE
ELECTRONIC MAIL ADDRESS OF THE SUBSCRIBER, UNLESS THE SUBSCRIBER GIVES
PERMISSION, IN WRITING OR BY ELECTRONIC MAIL, TO THE PROVIDER OF INTER-
NET SERVICE TO DISCLOSE THE INFORMATION; AND
(B) THE ELECTRONIC MAIL ADDRESS OF A SUBSCRIBER, IF THE SUBSCRIBER
REQUESTS, IN WRITING OR BY ELECTRONIC MAIL, TO HAVE THE ELECTRONIC MAIL
ADDRESS OF THE SUBSCRIBER KEPT CONFIDENTIAL. UPON RECEIVING SUCH A
REQUEST FROM A SUBSCRIBER, A PROVIDER OF INTERNET SERVICE SHALL KEEP
CONFIDENTIAL THE ELECTRONIC MAIL ADDRESS OF THE SUBSCRIBER, UNLESS THE
SUBSCRIBER GIVES PERMISSION, IN WRITING OR BY ELECTRONIC MAIL, TO THE
PROVIDER OF INTERNET SERVICE TO DISCLOSE THE ELECTRONIC MAIL ADDRESS OF
THE SUBSCRIBER.
3. A PROVIDER OF INTERNET SERVICE SHALL PROVIDE NOTICE OF THE REQUIRE-
MENTS OF SUBDIVISION TWO OF THIS SECTION TO EACH OF ITS SUBSCRIBERS. THE
NOTICE MUST INCLUDE, WITHOUT LIMITATION, A CONSPICUOUS STATEMENT THAT A
SUBSCRIBER MAY REQUEST, IN WRITING OR BY ELECTRONIC MAIL, TO HAVE THE
ELECTRONIC MAIL ADDRESS OF THE SUBSCRIBER KEPT CONFIDENTIAL.
4. A PROVIDER OF INTERNET SERVICE SHALL NOT ADD A SUPPLEMENTAL CHARGE
OR IN ANY WAY PENALIZE A SUBSCRIBER EITHER FINANCIALLY OR IN QUALITY OR
SPEED OF DELIVERY FOR CHOOSING NOT TO ALLOW FOR THE SHARING OF PERSONAL
INFORMATION.
5. A PROVIDER OF INTERNET SERVICE WHO VIOLATES ANY PROVISION OF THIS
SECTION SHALL BE GUILTY OF A MISDEMEANOR AND SHALL BE SUBJECT TO A FINE
OF NOT LESS THAN FIVE HUNDRED DOLLARS OR MORE THAN ONE THOUSAND DOLLARS
FOR EACH VIOLATION.
§ 2. This act shall take effect immediately.
