N.Y. General Business Law Section 390-B
Anti-phishing act of 2006


1.

This section shall be known as and may be cited as the “anti-phishing act of 2006”.

2.

For purposes of this section, the following terms shall have the following meanings:

(a)

The term “electronic message” means a message sent or posted to a unique destination, commonly expressed as a string of characters, consisting of a unique user name or mailbox (commonly referred to as the “local part”) and a reference to an internet domain (commonly referred to as the “domain part”), whether or not displayed, to which an electronic message can be sent, delivered or posted.

(b)

The term “identifying information” means an individual’s (1) social security number;

(2)

driver’s license number;

(3)

bank account number;

(4)

credit or debit card number;

(5)

personal identification number (PIN);

(6)

automated or electronic signature;

(7)

unique biometric data;

(8)

account passwords; or

(9)

any other piece of information that can be used to access an individual’s financial accounts or to obtain goods or services.

(c)

The term “internet” means collectively the myriad of computer and telecommunications facilities, including equipment and operating software, which comprise the interconnected world-wide network of networks that employ the transmission control protocol/internet protocol, or any predecessor or successor protocols to such protocol, to communicate information of all kinds by wire or radio.

(d)

The term “web page” means a location, with respect to the world wide web, that has a single uniform resource locator or other single location with respect to the internet.

3.

It is unlawful for any person, by means of a web page, electronic message, or other use of the internet to solicit, request or collect identifying information by deceptively representing himself or herself, either directly or by implication, to be a business or a governmental entity and doing so without the authority or approval of such business or such governmental entity.

4.

(a) The attorney general, or any person who either is engaged in the business of providing internet access service to the public or owns a web page or trademark and who is adversely affected by reason of a violation of the provisions of subdivision three of this section, may bring an action against a person who violates the provisions of subdivision three of this section:

(1)

to enjoin further violation of the provisions of subdivision three of this section; and

(2)

to recover the greater of: (A) actual damages; or (B) one thousand dollars for each instance in which identifying information is solicited, requested or collected from a person in violation of the provisions of subdivision three of this section.

(b)

In an action under paragraph (a) of this subdivision, a court may:

(1)

increase the damages up to three times the damages allowed by paragraph (a) of this subdivision where the defendant has been found to have engaged in a pattern and practice of violating the provisions of subdivision three of this section; and

(2)

award costs and reasonable attorney’s fees to a prevailing party.

5.

Nothing in this section shall in any way limit rights or remedies which are otherwise available under law to the attorney general or any other person authorized to bring an action under subdivision four of this section.

Source: Section 390-B — Anti-phishing act of 2006, https://www.­nysenate.­gov/legislation/laws/GBS/390-B (updated Sep. 22, 2014; accessed Oct. 26, 2024).

390
Substitution of spurious oils for internal combustion engines
390‑A
Optical discs
390‑B
Anti-phishing act of 2006
390‑BB
Cramming prohibited
390‑C
Prohibit persons under eighteen years of age in certain facilities
390‑C*2
Posting of warnings by commercial entities offering internet access to the public
390‑D
Information concerning services for human trafficking victims in facilities at truck stops
390‑E
Unauthorized installation of certain security devices prohibited
390‑E*2
Skimming awareness notice
391
Marking retreaded, recapped or recut tires
391‑A
Unlawful acts relating to liquid fuels, lubricating oils and similar products
391‑B
Prohibit any sale of dangerous clothing articles
391‑C
Sale of bicycles
391‑CC
Sale of micromobility devices, bicycles with electric assist and limited use motorcycles powered by lithium-ion batteries, and lithium-io...
391‑CC*2
Sale of bicycles with electric assist and micromobility devices
391‑D
Sale of matchbooks
391‑E
Promotion of camps by certain organizations
391‑F
Promotion of private schools by certain organizations
391‑G
Rental of motor vehicles
391‑H
Lubricating oils
391‑I
Sale of urea-formaldehyde foam insulation
391‑J
Sale of fire extinguishers
391‑JJ
Sale of electric space heaters
391‑K
Automatic garage door opening systems
391‑L
Personal emergency response service agreements
391‑L*2
Rental of motor vehicles
391‑M
Manufacture and sale of in-line skates
391‑N
Sale of reptiles
391‑OO
Sale of over-the-counter diet pills and dietary supplements for weight loss or muscle building
391‑P
Prohibit the rental of clothing articles previously worn
391‑Q
Rebates
391‑S
Sale and distribution of novelty lighters prohibited
391‑T
Sale of small animals
391‑U
Pricing goods and services on the basis of gender prohibited
391‑U*2
Restrictions on the sale and use of firefighting equipment containing PFAS chemicals
391‑V
Third-party food delivery agreements
392
Second-hand watches
392‑A
Sale of new computers
392‑B
False labels and misrepresentations
392‑C
Obliteration of marks of origin
392‑D
Using false marks as to manufacture
392‑E
Using false statements or altering mileage registering devices
392‑F
Taximeters
392‑G
Sale of ultraviolet radiation devices
392‑H
Trash receptacles
392‑I
Prices reduced to reflect change in sales tax computation
392‑J
Sales of sparkling devices
393
Lime
393‑A
Non fire rated wood paneling
393‑B
Written solicitation
393‑C
Sale of required labor postings
393‑D
Sale of certified copies of property deeds
393‑E
Sale of abandoned property location services
393‑F
Voluntary third-party notification
394
Lost or destroyed certificate of stock
394‑A
Proof of lost negotiable paper
394‑B
Limitations on certain contracts for instruction or use of physical or social training facilities
394‑C
Limitations on certain contracts involving social referral services
394‑CC
Internet dating safety
394‑CCC
Social media networks
394‑D
Privity of contract between franchise seller and customer or patron of dealer
394‑E
Report on request for abortional services
394‑F
Warrants for reproductive health related electronic data
395
Required disclosure of prior use
395‑A
Maintenance agreements

Accessed:
Oct. 26, 2024

Last modified:
Sep. 22, 2014

§ 390-B’s source at nysenate​.gov

Link Style