Plattekill considers data breach policy

By Mark Reynolds
Posted 1/29/25

Recently, the Town of Plattekill received a memorandum from New York State concerning how they should handle Data Breaches. The memo states that, “pursuant to state Technology Law all …

This item is available in full to subscribers.

Please log in to continue

Log in

Plattekill considers data breach policy

Posted

Recently, the Town of Plattekill received a memorandum from New York State concerning how they should handle Data Breaches. The memo states that, “pursuant to state Technology Law all municipalities in New York  must adopt a notification policy for when there has been or reasonably has been a breach of the security of the municipality’s system that holds an individual’s private information. This statute applies to computerized data that includes private data that is owned or licensed by the municipality, It also applies to any computerized data that includes private data that is maintained by the municipality.”  

The memo goes on to define the meaning and terms of the following:  private information; what constitutes a breach of the security system and methods of notifying persons affected by a breach either in writing or by alternative means noticed in the NYS Technology Law.

“Regardless of the method by which notice is provided, such notice shall include contact information for the town, telephone numbers and websites of the relevant state and federal agencies that provide information regarding security breach response and identity theft prevention and protection information and a description of the categories of information that were or are reasonably believed to have been accessed or acquired by a person without valid authorization, including specification of which the elements of personal information and private information were or are reasonably believed to have been so accessed or acquired.”

The memo lists the relevant state agencies: Office of the State Attorney General, the Department of State and the State Office of Information Technology Services. The relevant Federal agencies are: Department of Homeland Security, the Department of State, FBI Internet Crime Complaint Center, the Cyber and Infrastructure Security Agency, the Federal Trade Commission, the Federal Communication Commission and the Department of Health and Human Services.

Supervisor Dean DePew said the policy is, “pretty extensive” and urged the board to read it carefully, noting that this is something the board needs to adopt.

“When we were going through the Risk Assessment Audit by the NYS Comptroller’s Office in early 2024, it was one of the things they were very adamant about and rightfully so, that we look at our computer systems and our IT networks to make sure they are secure and this is a policy that lays out the guidelines of what we should be achieving,” he said. “Adopting this, following this and adhering to it should make all of our IT processes and computers more secure and we should adopt it by the next meeting or two by a resolution of the board.”