New York § 995-B Reporting of cybersecurity incidents

New York Statutes

§ 995-B — Reporting of cybersecurity incidents

New York § 995-B

Law GMUGeneral Municipal

Art. 19-CCybersecurity Incident Reporting Requirements For Municipal Corporations and Public Authorities

This text of New York § 995-B (Reporting of cybersecurity incidents) is published on Counsel Stack Legal Research, covering New York primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

N.Y. General Municipal § 995-B (2026).

Text

§ 995-b. Reporting of cybersecurity incidents.

1.Notwithstanding any\nother provision of law to the contrary, all municipal corporations and\npublic authorities shall report cybersecurity incidents and when\napplicable, the demand of a ransom payment, to the commissioner of the\ndivision of homeland security and emergency services in the form and\nmethod prescribed by such commissioner. Such report shall include\nwhether the reporting municipal corporation or public authority is\nrequesting or declining advice and/or technical assistance from the\ndivision of homeland security and emergency services with respect to the\nreported cybersecurity incident or demand for a ransom payment.\n 2. All municipal corporations and public authorities shall report\ncybersecurity incidents, including

Free access — add to your briefcase to read the full text and ask questions with AI

§ 995-b. Reporting of cybersecurity incidents. 1. Notwithstanding any\nother provision of law to the contrary, all municipal corporations and\npublic authorities shall report cybersecurity incidents and when\napplicable, the demand of a ransom payment, to the commissioner of the\ndivision of homeland security and emergency services in the form and\nmethod prescribed by such commissioner. Such report shall include\nwhether the reporting municipal corporation or public authority is\nrequesting or declining advice and/or technical assistance from the\ndivision of homeland security and emergency services with respect to the\nreported cybersecurity incident or demand for a ransom payment.\n 2. All municipal corporations and public authorities shall report\ncybersecurity incidents, including demands for ransom payment, no later\nthan seventy-two hours after the municipal corporation or public\nauthority reasonably believes the cybersecurity incident has occurred.\n 3. Any cybersecurity incident report and any records related to a\nransom payment submitted to the commissioner of the division of homeland\nsecurity and emergency services pursuant to the requirements of this\narticle shall be exempt from disclosure under article six of the public\nofficers law.\n

Nearby Sections

3

§ 995-A

Definitions

§ 995-B

Reporting of cybersecurity incidents

§ 995-C

Notice and explanation of ransom payment

View on official source ↗

Cite This Page — Counsel Stack

Bluebook (online)

New York § 995-B, Counsel Stack Legal Research, https://law.counselstack.com/statute/ny/GMU/995-B.