New York State Sen. Mike Venditto is pushing a bill through the Senate that will broaden the responsibility of the state IT department for handling internal breaches and those that occur with third-party vendors.
Senate bill S6834A would give the N.Y. Office of Information Technology more responsibility, along with mandating changes in reporting procedures after a cyber incident takes place. Venditto introduced the bill in February and it had just passed through the Senate’s Consumer Protection Committee.
If passed, the IT office would be tasked with delivering a report within 90-days on any cyber attack to include information on the scope of the breach and recommendations to improve security. In addition, the office will develop, updated and provide regular security training to state offices.
The IT office would also be among the state agencies notified when a private firm suffers a breach, along with the state attorney general and the Department of State.