New York’s efforts to pass the New York Privacy Act failed when the bill did not appear in the most recent legislative session. The bill, said to be “tougher,” “bolder,” and more “sweeping” than other privacy legislation, initially gained a number of Senate co-sponsors when Sen. Kevin Thomas introduced it, but no Assembly members signed on.
The bill included concepts such as the following:
  • Data Fiduciary: Companies that collect consumer data would be subject to fiduciary duties of loyalty and care to protect consumer information.
  • Private Right of Action: Individuals would have legal recourse when companies violated the law.
  • Increased Transparency: Companies would be required to routinely alert consumers of what information they collected, the purpose for that collection, and what, and with whom, information was shared.
In a Senate hearing, lobbyists expressed the same concerns identified in discussions of federal privacy legislation, such as the potential for overly-prescriptive privacy laws to harm small businesses and innovation.

With the failure of this bill, the California Consumer Privacy Act remains the only comprehensive privacy state statute. It remains to be seen if other states will catch up on the legislative front before California’s law goes into effect in January of next year.