On January 5, 2011, legislation was introduced in the New York State Assembly that would prohibit online computer services from disclosing the personal information of subscribers without their consent. The bill, which faces an uncertain future in the legislature, is intended to prevent identity theft and would ban the sale, rental, or other dissemination of personal information to any other person, firm, partnership, or corporation. Similar measures have been introduced each and every year since 1999. None, however, have succeeded in making it out of committee.
The bill defines online computer services as those offering “a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing or making available information using computer-based telecommunications.’’ Pursuant to the bill, computer service companies would be mandated to inform consumers about the nature, frequency, and purpose of any disclosures of personal information, and provide a description of the procedures by which customers may obtain access to personal information. A computer service company may disclose personal information if it is; (1) necessary to render or conduct businesses or provide service to the customer, (2) for the purpose of extending credit, (3) for the purpose of validating a check, or (4) made pursuant to a court order. Violations of the law would presumably be enforced by the attorney general or private action.