N.Y. State Technology Law Section 209
Notification of a breach of the security of the system or a breach of network security

shared data

1.

The office shall, within twenty-four hours of either being notified of or receiving evidence of a breach of the security of the system, or a breach of network security, as defined in paragraphs (a) and (b) of subdivision three of this section, notify the chief information officer, the chief information security officer, and where appropriate, the cyber security coordinator of any state entity with which it shares data, provides networked services or shares a network connection whose data, services or connection is reasonably suspected to be affected by any such breach.

2.

The office shall provide the chief information officer, the chief information security officer, and where appropriate, the cyber risk coordinator of any state entity, who has been notified pursuant to subdivision one of this section, with its plan for remediation of the breach and future protection of such data and network.

3.

For purposes of this section:

(a)

“Breach of the security of the system” shall have the same meaning as defined in paragraph (b) of subdivision one of § 208 (Notification)section two hundred eight of this article.

(b)

“Breach of network security” shall mean unauthorized access to or access without valid authorization of a computer network which compromises the security, confidentiality, or integrity of such network.

(c)

“State entity” shall have the same meaning as provided by paragraph (c) of subdivision one of § 208 (Notification)section two hundred eight of this article.

Source: Section 209 — Notification of a breach of the security of the system or a breach of network security; shared data, https://www.nysenate.gov/legislation/laws/STT/209 (updated Mar. 4, 2022; accessed Nov. 29, 2025).

201
Short title 202
Definitions 203
Model internet privacy policy 204
Collection and disclosure of personal information 205
Access to personal information 206
Exceptions 207
Construction 208
Notification 209
Notification of a breach of the security of the system or a breach of network security 210
Cybersecurity protection

Up to date

Verified:
Nov. 29, 2025

Last modified:
Mar. 4, 2022

§ 209. Notification of a breach of the security of the system or a breach of network security's source at nysenate.gov

Link Style

Stay Connected

Join thousands of people who receive monthly site updates.

Get Legal Help

The New York State Bar Association runs a service for finding an attorney in good standing. Initial consultations are usually free or discounted: Lawyer Referral Service

Committed to Public Service

We will always provide free access to the current law. In addition, we provide special support for non-profit, educational, and government users. Through social entrepreneurship, we’re lowering the cost of legal services and increasing citizen access.

Navigate

California:	Codes
Colorado:	C.R.S.
Florida:	Statutes
Nevada:	NRS
New York:	Laws
Oregon:	OAR, ORS
Texas:	Statutes
World:	Rome Statute, International Dictionary

Location: https://newyork.public.law/laws/n.y._state_technology_law_section_209

Original Source: Section 209 — Notification of a breach of the security of the system or a breach of network security; shared data, https://www.nysenate.gov/legislation/laws/STT/209 (last accessed Nov. 29, 2025).

N.Y. State Technology Law Section 209 Notification of a breach of the security of the system or a breach of network security

1.

2.

3.

(a)

(b)

(c)

N.Y. State Technology Law Section 209
Notification of a breach of the security of the system or a breach of network security