Michael Hollander, William Johnson, Phyllis Sumner of King & Spalding write:
New York’s State Senate is considering a bill that would impose sweeping new requirements upon companies that collect and process consumer data, including a fiduciary-like duty to protect such data. On May 9, 2019, New York State Senator Kevin Thomas introduced S. 5642, the New York Privacy Act (“NYPA”), which has been referred to the New York State Senate Consumer Protection Committee.[i] If enacted, the NYPA will roll out strict rules for the collection, use, control, processing, and transfer of data by entities that conduct business in New York or produce products or services intentionally targeted at New York residents.[ii]
Of particular interest is the NYPA’s proposed definition of “personal data,” which references a whole host of data points including mother’s maiden name, records of personal property, biometric information, internet search history, certain education records, and even thermal and olfactory data.[iii] Similar to the sweeping definition of personal data provided by the California Consumer Privacy Act of 2018 (“CCPA”),[iv] the NYPA’s definition of “personal data” also includes a catch-all for “inference[s] drawn from any of the information described in [the NYPA’s definition of personal data] to create a profile about an individual reflecting the individual’s preferences, characteristics, psychological trends, preferences [sic], predispositions, behavior, attitudes, intelligence, abilities, or aptitudes.”[v] The bill also contains a provision that would create a private right of action for consumers to sue companies for violations of the law and seek injunctive and compensatory relief.
Read more details on JDSupra.