STATE OF NEW YORK
________________________________________________________________________
943
2021-2022 Regular Sessions
IN SENATE
(PREFILED)
January 6, 2021
___________
Introduced by Sen. KRUEGER -- read twice and ordered printed, and when
printed to be committed to the Committee on Labor
AN ACT to amend the labor law, in relation to the "uniform employee and
student online privacy protection act"
THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEMBLY,
DO ENACT AS FOLLOWS:
Section 1. This act shall be known and may be cited as the "uniform
employee and student online privacy protection act".
§ 2. The labor law is amended by adding a new article 34 to read as
follows:
ARTICLE 34
UNIFORM EMPLOYEE AND STUDENT
ONLINE PRIVACY PROTECTION ACT
SECTION 965. DEFINITIONS.
966. PROTECTION OF EMPLOYEE ONLINE ACCOUNTS.
967. PROTECTION OF STUDENT ONLINE ACCOUNTS.
968. CIVIL ACTION.
969. UNIFORMITY OF APPLICATION AND CONSTRUCTION.
970. RELATION TO ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL
COMMERCE ACT.
§ 965. DEFINITIONS. AS USED IN THIS ARTICLE:
1. "CONTENT" MEANS INFORMATION, OTHER THAN LOGIN INFORMATION, THAT IS
CONTAINED IN A PROTECTED PERSONAL ONLINE ACCOUNT, ACCESSIBLE TO THE
ACCOUNT HOLDER, AND NOT PUBLICLY AVAILABLE.
2. "EDUCATIONAL INSTITUTION" MEANS A PERSON THAT PROVIDES STUDENTS AT
THE POSTSECONDARY LEVEL AN ORGANIZED PROGRAM OF STUDY OR TRAINING WHICH
IS ACADEMIC, TECHNICAL, TRADE-ORIENTED, OR PREPARATORY FOR GAINING
EMPLOYMENT AND FOR WHICH THE PERSON GIVES ACADEMIC CREDIT. THE TERM
INCLUDES BOTH A PUBLIC OR PRIVATE INSTITUTION AND ALSO APPLIES TO ANY
AGENT OR DESIGNEE OF THE EDUCATIONAL INSTITUTION.
3. "ELECTRONIC" MEANS RELATING TO TECHNOLOGY HAVING ELECTRICAL,
DIGITAL, MAGNETIC, WIRELESS, OPTICAL, ELECTROMAGNETIC, OR SIMILAR
CAPABILITIES.
EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
[ ] is old law to be omitted.
LBD04971-01-1
4. "EMPLOYEE" MEANS AN INDIVIDUAL WHO PROVIDES SERVICES OR LABOR TO AN
EMPLOYER IN EXCHANGE FOR SALARY, WAGES, OR THE EQUIVALENT OR, FOR AN
UNPAID INTERN, ACADEMIC CREDIT OR OCCUPATIONAL EXPERIENCE INCLUDING
INDEPENDENT CONTRACTORS. THE TERM INCLUDES A PROSPECTIVE EMPLOYEE WHO:
(A) HAS EXPRESSED TO THE EMPLOYER AN INTEREST IN BEING AN EMPLOYEE; OR
(B) HAS APPLIED TO OR IS APPLYING FOR EMPLOYMENT BY, OR IS BEING
RECRUITED FOR EMPLOYMENT BY, THE EMPLOYER.
5. "EMPLOYER" MEANS A PERSON THAT PROVIDES SALARY, WAGES, OR THE
EQUIVALENT TO AN EMPLOYEE IN EXCHANGE FOR SERVICES OR LABOR OR ENGAGES
THE SERVICES OR LABOR OF AN UNPAID INTERN. THE TERM INCLUDES AN AGENT
OR DESIGNEE OF THE EMPLOYER.
6. "LOGIN INFORMATION" MEANS A USER NAME AND PASSWORD, PASSWORD, OR
OTHER MEANS OR CREDENTIALS OF AUTHENTICATION REQUIRED TO ACCESS OR
CONTROL OF A PROTECTED PERSONAL ONLINE ACCOUNT OR AN ELECTRONIC DEVICE,
WHICH THE EMPLOYEE'S EMPLOYER OR THE STUDENT'S EDUCATIONAL INSTITUTION
HAS NOT SUPPLIED OR PAID FOR IN FULL, THAT ITSELF PROVIDES ACCESS TO OR
CONTROL OVER THE ACCOUNT.
7. "LOGIN REQUIREMENT" MEANS A REQUIREMENT THAT LOGIN INFORMATION BE
PROVIDED BEFORE AN ONLINE ACCOUNT OR ELECTRONIC DEVICE CAN BE ACCESSED
OR CONTROLLED.
8. "ONLINE" MEANS ACCESSIBLE BY MEANS OF A COMPUTER NETWORK OR THE
INTERNET.
9. "PERSON" MEANS AN INDIVIDUAL, ESTATE, BUSINESS OR NONPROFIT ENTITY,
PUBLIC CORPORATION, GOVERNMENT OR GOVERNMENTAL SUBDIVISION, AGENCY, OR
INSTRUMENTALITY, OR OTHER LEGAL ENTITY.
10. "PROTECTED PERSONAL ONLINE ACCOUNT" MEANS AN EMPLOYEE'S OR
STUDENT'S ONLINE ACCOUNT THAT IS PROTECTED BY A LOGIN REQUIREMENT. THE
TERM DOES NOT INCLUDE AN ONLINE ACCOUNT OR THE PART OF AN ONLINE ACCOUNT
THAT IS PUBLICLY AVAILABLE. THE TERM ALSO DOES NOT INCLUDE AN ONLINE
ACCOUNT OR THE PART OF AN ONLINE ACCOUNT THAT THE EMPLOYER OR
EDUCATIONAL INSTITUTION HAS NOTIFIED THE EMPLOYEE OR STUDENT MIGHT BE SUBJECT
TO A REQUEST FOR LOGIN INFORMATION OR CONTENT, AND WHICH:
(A) THE EMPLOYER OR EDUCATIONAL INSTITUTION SUPPLIES OR PAYS FOR IN
FULL; OR
(B) THE EMPLOYEE OR STUDENT CREATES, MAINTAINS, OR USES PRIMARILY ON
BEHALF OF OR UNDER THE DIRECTION OF THE EMPLOYER OR EDUCATIONAL
INSTITUTION IN CONNECTION WITH THE EMPLOYEE'S EMPLOYMENT OR THE STUDENT'S
EDUCATION.
11. "RECORD" MEANS INFORMATION THAT IS INSCRIBED ON A TANGIBLE MEDIUM
OR THAT IS STORED IN AN ELECTRONIC OR OTHER MEDIUM AND IS RETRIEVABLE IN
PERCEIVABLE FORM.
12. "STUDENT" MEANS AN INDIVIDUAL WHO PARTICIPATES IN AN EDUCATIONAL
INSTITUTION'S ORGANIZED PROGRAM OF STUDY OR TRAINING. THE TERM INCLUDES:
(A) A PROSPECTIVE STUDENT WHO EXPRESSES TO THE INSTITUTION AN INTEREST
IN BEING ADMITTED TO, APPLIES FOR ADMISSION TO, OR IS BEING RECRUITED
FOR ADMISSION BY, THE EDUCATIONAL INSTITUTION; AND
(B) A PARENT OR LEGAL GUARDIAN OF A STUDENT UNDER THE AGE OF EIGHTEEN.
§ 966. PROTECTION OF EMPLOYEE ONLINE ACCOUNTS. 1. SUBJECT TO THE
EXCEPTIONS IN SUBDIVISION TWO OF THIS SECTION, AN EMPLOYER MAY NOT:
(A) REQUIRE, COERCE, OR REQUEST AN EMPLOYEE TO:
(I) DISCLOSE THE LOGIN INFORMATION FOR A PROTECTED PERSONAL ONLINE
ACCOUNT;
(II) DISCLOSE THE CONTENT OF THE ACCOUNT, EXCEPT THAT AN EMPLOYER MAY
REQUEST AN EMPLOYEE TO ADD THE EMPLOYER TO, OR NOT REMOVE THE EMPLOYER
FROM, THE SET OF PERSONS TO WHICH THE EMPLOYEE GRANTS ACCESS TO THE
CONTENT;
(III) ALTER THE SETTINGS OF THE ONLINE ACCOUNT IN A MANNER THAT MAKES
THE LOGIN INFORMATION FOR, OR CONTENT OF, THE ACCOUNT MORE ACCESSIBLE TO
OTHERS; OR
(IV) ACCESS THE ACCOUNT IN THE PRESENCE OF THE EMPLOYER IN A MANNER
THAT ENABLES THE EMPLOYER TO OBSERVE THE LOGIN INFORMATION FOR OR
CONTENT OF THE ACCOUNT; OR
(B) TAKE, OR THREATEN TO TAKE, ADVERSE ACTION AGAINST AN EMPLOYEE FOR
FAILURE TO COMPLY WITH:
(I) AN EMPLOYER REQUIREMENT, COERCIVE ACTION, OR REQUEST THAT VIOLATES
PARAGRAPH (A) OF THIS SUBDIVISION; OR
(II) AN EMPLOYER REQUEST UNDER SUBPARAGRAPH (II) OF PARAGRAPH (A) OF
THIS SUBDIVISION TO ADD THE EMPLOYER TO, OR NOT REMOVE THE EMPLOYER
FROM, THE SET OF PERSONS TO WHICH THE EMPLOYEE GRANTS ACCESS TO THE
CONTENT OF A PROTECTED PERSONAL ONLINE ACCOUNT.
2. NOTHING IN SUBDIVISION ONE SHALL PREVENT AN EMPLOYER FROM:
(A) ACCESSING INFORMATION ABOUT AN EMPLOYEE WHICH IS PUBLICLY
AVAILABLE;
(B) COMPLYING WITH A FEDERAL OR STATE LAW, COURT ORDER, OR RULE OF A
SELF-REGULATORY ORGANIZATION ESTABLISHED BY FEDERAL OR STATE STATUTE,
INCLUDING A SELF-REGULATORY ORGANIZATION DEFINED IN SECTION 3(A)(26) OF
THE SECURITIES AND EXCHANGE ACT OF 1934, 15 U.S.C. § 78C(A)(26); OR
(C) REQUIRING OR REQUESTING, BASED ON SPECIFIC FACTS ABOUT THE
EMPLOYEE'S PROTECTED PERSONAL ONLINE ACCOUNT, ACCESS TO THE CONTENT OF, BUT
NOT THE LOGIN INFORMATION FOR, THE ACCOUNT IN ORDER TO:
(I) ENSURE COMPLIANCE, OR INVESTIGATE NON-COMPLIANCE, WITH FEDERAL OR
STATE LAW OR AN EMPLOYER PROHIBITION AGAINST WORK-RELATED EMPLOYEE
MISCONDUCT OF WHICH THE EMPLOYEE HAS REASONABLE NOTICE, WHICH IS IN A
RECORD, AND WHICH WAS NOT CREATED PRIMARILY TO GAIN ACCESS TO A
PROTECTED PERSONAL ONLINE ACCOUNT; OR
(II) PROTECT AGAINST A THREAT TO SAFETY, A THREAT TO EMPLOYER
INFORMATION TECHNOLOGY OR COMMUNICATIONS TECHNOLOGY SYSTEMS OR TO EMPLOYER
PROPERTY, OR DISCLOSURE OF INFORMATION IN WHICH THE EMPLOYER HAS A
PROPRIETARY INTEREST OR INFORMATION THE EMPLOYER HAS A LEGAL OBLIGATION
TO KEEP CONFIDENTIAL.
3. AN EMPLOYER THAT ACCESSES EMPLOYEE CONTENT FOR A PURPOSE SPECIFIED
IN PARAGRAPH (C) OF SUBDIVISION TWO OF THIS SECTION:
(A) SHALL ATTEMPT REASONABLY TO LIMIT ITS ACCESS TO CONTENT THAT IS
RELEVANT TO THE SPECIFIED PURPOSE;
(B) SHALL USE THE CONTENT ONLY FOR THE SPECIFIED PURPOSE; AND
(C) MAY NOT ALTER THE CONTENT UNLESS NECESSARY TO ACHIEVE THE
SPECIFIED PURPOSE.
4. AN EMPLOYER THAT ACQUIRES THE LOGIN INFORMATION FOR AN EMPLOYEE'S
PROTECTED PERSONAL ONLINE ACCOUNT BY MEANS OF OTHERWISE LAWFUL
TECHNOLOGY THAT MONITORS THE EMPLOYER'S NETWORK, OR EMPLOYER-PROVIDED DEVICES,
FOR A NETWORK SECURITY, DATA CONFIDENTIALITY, OR SYSTEM MAINTENANCE
PURPOSE:
(A) MAY NOT USE THE LOGIN INFORMATION TO ACCESS OR ENABLE ANOTHER
PERSON TO ACCESS THE ACCOUNT;
(B) SHALL MAKE A REASONABLE EFFORT TO KEEP THE LOGIN INFORMATION
SECURE;
(C) UNLESS OTHERWISE PROVIDED IN PARAGRAPH (D) OF THIS SUBDIVISION,
SHALL DISPOSE OF THE LOGIN INFORMATION AS SOON AS, AS SECURELY AS, AND
TO THE EXTENT REASONABLY PRACTICABLE; AND
(D) SHALL, IF THE EMPLOYER RETAINS THE LOGIN INFORMATION FOR USE IN AN
ONGOING INVESTIGATION OF AN ACTUAL OR SUSPECTED BREACH OF COMPUTER,
NETWORK, OR DATA SECURITY, MAKE A REASONABLE EFFORT TO KEEP THE LOGIN
INFORMATION SECURE AND DISPOSE OF IT AS SOON AS, AS SECURELY AS, AND TO
THE EXTENT REASONABLY PRACTICABLE AFTER COMPLETING THE INVESTIGATION.
§ 967. PROTECTION OF STUDENT ONLINE ACCOUNTS. 1. SUBJECT TO THE
EXCEPTIONS IN SUBDIVISION TWO OF THIS SECTION, AN EDUCATIONAL
INSTITUTION MAY NOT:
(A) REQUIRE, COERCE, OR REQUEST A STUDENT TO:
(I) DISCLOSE THE LOGIN INFORMATION FOR A PROTECTED PERSONAL ONLINE
ACCOUNT;
(II) DISCLOSE THE CONTENT OF THE ACCOUNT, EXCEPT THAT AN EDUCATIONAL
INSTITUTION MAY REQUEST A STUDENT TO ADD THE EDUCATIONAL INSTITUTION TO,
OR NOT REMOVE THE EDUCATIONAL INSTITUTION FROM, THE SET OF PERSONS TO
WHICH THE STUDENT GRANTS ACCESS TO THE CONTENT;
(III) ALTER THE SETTINGS OF THE ACCOUNT IN A MANNER THAT MAKES THE
LOGIN INFORMATION FOR OR CONTENT OF THE ACCOUNT MORE ACCESSIBLE TO
OTHERS; OR
(IV) ACCESS THE ACCOUNT IN THE PRESENCE OF THE EDUCATIONAL INSTITUTION
IN A MANNER THAT ENABLES THE EDUCATIONAL INSTITUTION TO OBSERVE THE
LOGIN INFORMATION FOR OR CONTENT OF THE ACCOUNT; OR
(B) TAKE, OR THREATEN TO TAKE, ADVERSE ACTION AGAINST A STUDENT FOR
FAILURE TO COMPLY WITH:
(I) AN EDUCATIONAL INSTITUTION REQUIREMENT, COERCIVE ACTION, OR
REQUEST, THAT VIOLATES PARAGRAPH (A) OF THIS SUBDIVISION; OR
(II) AN EDUCATIONAL INSTITUTION REQUEST UNDER SUBPARAGRAPH (II) OF
PARAGRAPH (A) OF THIS SUBDIVISION TO ADD THE EDUCATIONAL INSTITUTION TO,
OR NOT REMOVE THE EDUCATIONAL INSTITUTION FROM, THE SET OF PERSONS TO
WHICH THE STUDENT GRANTS ACCESS TO THE CONTENT OF A PROTECTED PERSONAL
ONLINE ACCOUNT.
2. NOTHING IN SUBDIVISION ONE OF THIS SECTION SHALL PREVENT AN
EDUCATIONAL INSTITUTION FROM:
(A) ACCESSING INFORMATION ABOUT A STUDENT THAT IS PUBLICLY AVAILABLE;
(B) COMPLYING WITH A FEDERAL OR STATE LAW, COURT ORDER, OR RULE OF A
SELF-REGULATORY ORGANIZATION ESTABLISHED BY FEDERAL OR STATE STATUTE; OR
(C) REQUIRING OR REQUESTING, BASED ON SPECIFIC FACTS ABOUT THE
STUDENT'S PROTECTED PERSONAL ONLINE ACCOUNT, ACCESS TO THE CONTENT OF,
BUT NOT THE LOGIN INFORMATION FOR, THE ACCOUNT IN ORDER TO:
(I) ENSURE COMPLIANCE, OR INVESTIGATE NON-COMPLIANCE, WITH FEDERAL OR
STATE LAW OR AN EDUCATIONAL INSTITUTION PROHIBITION AGAINST
EDUCATION-RELATED STUDENT MISCONDUCT OF WHICH THE STUDENT HAS REASONABLE NOTICE,
WHICH IS IN A RECORD, AND WHICH WAS NOT CREATED PRIMARILY TO GAIN ACCESS
TO A PROTECTED PERSONAL ONLINE ACCOUNT; OR
(II) PROTECT AGAINST A THREAT TO SAFETY, A THREAT TO EDUCATIONAL
INSTITUTION INFORMATION TECHNOLOGY OR COMMUNICATIONS TECHNOLOGY SYSTEMS
OR TO EDUCATIONAL INSTITUTION PROPERTY, OR DISCLOSURE OF INFORMATION IN
WHICH THE EDUCATIONAL INSTITUTION HAS A PROPRIETARY INTEREST OR
INFORMATION THE EDUCATIONAL INSTITUTION HAS A LEGAL OBLIGATION TO KEEP
CONFIDENTIAL.
3. AN EDUCATIONAL INSTITUTION THAT ACCESSES STUDENT CONTENT FOR A
PURPOSE SPECIFIED IN PARAGRAPH (C) OF SUBDIVISION TWO OF THIS SECTION:
(A) SHALL ATTEMPT REASONABLY TO LIMIT ITS ACCESS TO CONTENT THAT IS
RELEVANT TO THE SPECIFIED PURPOSE;
(B) SHALL USE THE CONTENT ONLY FOR THE SPECIFIED PURPOSE; AND
(C) MAY NOT ALTER THE CONTENT UNLESS NECESSARY TO ACHIEVE THE
SPECIFIED PURPOSE.
4. AN EDUCATIONAL INSTITUTION THAT ACQUIRES THE LOGIN INFORMATION FOR
A STUDENT'S PROTECTED PERSONAL ONLINE ACCOUNT BY MEANS OF OTHERWISE
LAWFUL TECHNOLOGY THAT MONITORS THE EDUCATIONAL INSTITUTION'S NETWORK,
OR EDUCATIONAL INSTITUTION-PROVIDED DEVICES, FOR A NETWORK SECURITY,
DATA CONFIDENTIALITY, OR SYSTEM MAINTENANCE PURPOSE:
(A) MAY NOT USE THE LOGIN INFORMATION TO ACCESS OR ENABLE ANOTHER
PERSON TO ACCESS THE ACCOUNT;
(B) SHALL MAKE A REASONABLE EFFORT TO KEEP THE LOGIN INFORMATION
SECURE;
(C) UNLESS OTHERWISE PROVIDED IN PARAGRAPH (D) OF THIS SUBDIVISION,
SHALL DISPOSE OF THE LOGIN INFORMATION AS SOON AS, AS SECURELY AS, AND
TO THE EXTENT REASONABLY PRACTICABLE; AND
(D) SHALL, IF THE EDUCATIONAL INSTITUTION RETAINS THE LOGIN
INFORMATION FOR USE IN AN ONGOING INVESTIGATION OF AN ACTUAL OR SUSPECTED
BREACH OF COMPUTER, NETWORK, OR DATA SECURITY, MAKE A REASONABLE EFFORT
TO KEEP THE LOGIN INFORMATION SECURE AND DISPOSE OF IT AS SOON AS, AS
SECURELY AS, AND TO THE EXTENT REASONABLY PRACTICABLE AFTER COMPLETING
THE INVESTIGATION.
§ 968. CIVIL ACTION. 1. THE ATTORNEY GENERAL MAY BRING A CIVIL ACTION
AGAINST AN EMPLOYER OR EDUCATIONAL INSTITUTION FOR A VIOLATION OF THIS
ARTICLE. A PREVAILING ATTORNEY GENERAL MAY OBTAIN:
(A) INJUNCTIVE AND OTHER EQUITABLE RELIEF; AND
(B) A CIVIL PENALTY OF UP TO ONE THOUSAND DOLLARS FOR EACH VIOLATION,
BUT NOT EXCEEDING ONE HUNDRED THOUSAND DOLLARS FOR ALL VIOLATIONS CAUSED
BY THE SAME EVENT.
2. AN EMPLOYEE OR STUDENT MAY BRING A CIVIL ACTION AGAINST THE
INDIVIDUAL'S EMPLOYER OR EDUCATIONAL INSTITUTION FOR A VIOLATION OF THIS
ARTICLE. A PREVAILING EMPLOYEE OR STUDENT MAY OBTAIN:
(A) INJUNCTIVE AND OTHER EQUITABLE RELIEF;
(B) ACTUAL DAMAGES; AND
(C) COSTS AND REASONABLE ATTORNEY'S FEES.
3. AN ACTION UNDER SUBDIVISION ONE OF THIS SECTION DOES NOT PRECLUDE
AN ACTION UNDER SUBDIVISION TWO OF THIS SECTION, AND AN ACTION UNDER
SUBDIVISION TWO OF THIS SECTION DOES NOT PRECLUDE AN ACTION UNDER
SUBDIVISION ONE OF THIS SECTION.
4. THIS SECTION DOES NOT AFFECT A RIGHT OR REMEDY AVAILABLE UNDER LAW
OTHER THAN THIS ARTICLE.
§ 969. UNIFORMITY OF APPLICATION AND CONSTRUCTION. IN APPLYING AND
CONSTRUING THE SECTIONS OF THIS ARTICLE, CONSIDERATION MUST BE GIVEN TO
THE NEED TO PROMOTE UNIFORMITY OF THE LAW WITH RESPECT TO ITS SUBJECT
MATTER AMONG STATES THAT ENACT IT.
§ 970. RELATION TO ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL
COMMERCE ACT. THIS ARTICLE MODIFIES, LIMITS, OR SUPERSEDES THE
ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT, 15 U.S.C. SECTION
7001 ET SEQ., BUT DOES NOT MODIFY, LIMIT, OR SUPERSEDE SECTION 101(C) OF
THAT ACT, 15 U.S.C. SECTION 7001(C), OR AUTHORIZE ELECTRONIC DELIVERY OF
ANY OF THE NOTICES DESCRIBED IN SECTION 103(B) OF THAT ACT, 15 U.S.C.
SECTION 7003(B).
§ 3. Effect of invalidity; severability. If any section, subdivision,
paragraph, sentence, clause, phrase or other portion of this act is, for
any reason, declared unconstitutional or invalid, in whole or in part,
by any court of competent jurisdiction, such portion shall be deemed
severable, and such unconstitutionality or invalidity shall not affect
the validity of the remaining portions of this act, which remaining
portions shall continue in full force and effect.
§ 4. This act shall take effect immediately.