Support Centre

New York


Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: The New York State Attorney General ('AG')

Summary: Although New York does not recognise a constitutional or common law right of privacy, privacy is regulated statutorily through the Civil Rights Law. Another important part on New York's legislation is the Stop Hacks and Improve Electronic Data Security Act ('the SHIELD Act'). It was signed into law in July 2019 before fully coming into effect on 21 March 2020, and regulates data breach and data security matters in New York. The SHIELD Act modified existing data breach requirements, established obligations regarding developing security programs, and expanded enforcement capabilities. New York’s State Senate and Assembly have also tried to pass general privacy legislation, but such bills have not yet been successful.


In this Insight article, Mark Francis and Sophie Kletzien, from Holland & Knight LLP, delve into New York City's pioneering regulations, making it the first US jurisdiction to govern artificial intelligence's (AI) role in employment decisions.

On 8 November 2021, New York Governor Kathy Hochul signed into law Senate Bill ('SB') 2628, which requires every private-sector employer to provide notice of its electronic monitoring practices to all employees upon hiring, with written or electronic employee acknowledgement, and, more generally, in a 'conspicuous place' viewable by all employees. Since then, the law has taken effect on 7 May 2022. Mark Francis and Sophie Kletzien, from Holland & Knight LLP, summarise the main provisions and implications of SB 2628, while drawing comparisons to other States' laws.

The New York City Council approved, on 10 November 2021, Bill Int 1894-2020 for a Local Law to amend the Administrative Code of the City of New York in relation to automated employment decision tools. Soon after, the bill was automatically enacted without a mayoral signature on 10 December 2021 and is due to take effect in 2023. In particular, the law regulates automated employment decision tools which score, classify, or otherwise make a recommendation, that is used to substantially assist or replace the decision-making process of an individual. OneTrust DataGuidance gives an overview of the law, its scope, and main provisions, alongside comments provided by Jessica Lee and Bianca Lewis from Loeb & Loeb LLP.