Over the last few months, we have been presenting and reporting on the California Consumer Privacy Act (CCPA), the county’s first comprehensive state law designed to give consumers significant control over the personal data that companies collect. Not to be outdone, New York is working on data privacy legislation that imposes even heavier burdens on companies that collect consumer information.

The proposed New York Privacy Act (NYPA), Senate Bill S5642, sponsored by Democrat Kevin Thomas, has not yet been passed. If it passes in its current form, however, it would impose the strictest requirements in the country relating to companies’ collection, maintenance, use, and disclosure of consumer information. 

The NYPA would mirror the CCPA in many ways. The NYPA would require companies that collect consumer information to provide notice to consumers of their rights under the statute. It would also require companies to disclose to consumers, on their request, what personal information about the consumers the company holds, how that information is used, and whether it is sold.  It also would allow consumers to request that the their personal information be deleted.

But there a some key differences too. The proposed NYPA, unlike the CCPA, would designate any legal entity that “collects, sells or licenses personal information of consumers” as a “data fiduciary.” A “data fiduciary” would be required to “exercise the duty of care, loyalty and confidentiality expected of a fiduciary” in handling consumer information. It also would be prohibited from using information in a way that “will benefit the online service provider to the detriment of an end user,” “will result in reasonably foreseeable and material physical or financial harm to a consumer,” or “would be unexpected and highly offensive to a reasonable consumer.”

The NYPA would also create a data “correction” mechanism requiring companies to correct “inaccurate personal data” when requested by a consumer, recalling provisions of consumer protection laws involving credit reporting. This would in some cases entail a “supplementary statement” that the company needs to add to the data it already maintains.

Finally, unlike the CCPA, which at present allows private civil actions only for data breaches, the entirety of the NYPA would be privately-actionable. “Any person who has been injured by reason of a violation” could sue for actual damages and injunctive relief.

As noted above, the NYPA is still a work in progress, and it may be modified before being passed, if it is passed. But whether it makes it to Governor Cuomo’s desk in its present form or not, it presents a valuable glimpse into the possible future of state-level data privacy law.

For more information regarding this article, please contact Luke Sosnicki and Ashley Fickel.

For information regarding Dykema’s Privacy and Data Security Team, please contact Cindy Motley.

To sign up for Dykema’s Privacy and Data Security Blog e-mail updates, please click here.


As part of our service to you, we regularly compile short reports on new and interesting developments and the issues the developments raise. Please recognize that these reports do not constitute legal advice and that we do not attempt to cover all such developments. Rules of certain state supreme courts may consider this advertising and require us to advise you of such designation. Your comments are always welcome. ©2019 Dykema Gossett PLLC.

Print:
EmailTweetLikeLinkedIn
Photo of Lukas Sosnicki Lukas Sosnicki

Luke Sosnicki is a commercial litigator in Dykema’s Los Angeles, California office. He has successfully litigated commercial contract disputes of all types, including claims involving breaches of warranty, breach of fiduciary duty, commercial landlord-tenant disputes, and trade-secret theft. He has also conducted several…

Luke Sosnicki is a commercial litigator in Dykema’s Los Angeles, California office. He has successfully litigated commercial contract disputes of all types, including claims involving breaches of warranty, breach of fiduciary duty, commercial landlord-tenant disputes, and trade-secret theft. He has also conducted several internal investigations in response to allegations of corporate misconduct.

Mr. Sosnicki, whose background is in financial services litigation, also has extensive experience defending banks and mortgage servicers in individual and class action lawsuits across the country. He has successfully defended clients in lawsuits brought under various state and federal consumer protection statutes relating to loan origination, servicing, debt collection, foreclosure, as well as to unfair and deceptive practices generally. He is also an experienced appellate lawyer, having successfully represented numerous bank and servicer clients on appeal.

Photo of Ashley R. Fickel Ashley R. Fickel

Ashley R. Fickel has significant experience handling a variety of complex litigation from inception through trial. Mr. Fickel has significant trial experience, including experience in cases ranging from complex business disputes to catastrophic injuries. He has also served a meaningful role in the…

Ashley R. Fickel has significant experience handling a variety of complex litigation from inception through trial. Mr. Fickel has significant trial experience, including experience in cases ranging from complex business disputes to catastrophic injuries. He has also served a meaningful role in the development of legal strategy for a number of national and international corporations. As a result of Mr. Fickel’s professional achievements, he has been recognized on several occasions as a California “Rising Star” by Law & Politics in the area of litigation.