New York side-eyes California's hack attack laws: I'll have what she's having

New York's attorney general is asking the state to set new rules requiring companies to confess when they've been hacked.

The Big Apple's AG Eric Schneiderman said that he is going to ask the state to force organizations to disclose the loss of customer user names, passwords and security question answers as part of its definition of sensitive data.

Additionally, his draft law would require all businesses in New York State who handle such data to provide a set of basic security protections including employee training, and third-party audits to certify compliance.

While putting the stricter requirements on companies, the law would also call for a "safe harbor" protection that would shield firms who comply to data security standards from being held liable in the event of a breach.

"With some of the largest-ever data breaches occurring in just the last year, it’s long past time we updated our data security laws and expanded protections for consumers," Schneiderman said.

"We must also remind ourselves that companies can be victims, and that those who take responsible steps to safeguard customer data deserve recognition and protection."

Such a law would be the first in New York state to mandate the protection of consumer information, according to the Attorney General's office.

Schneiderman said that the laws bring New York in line with California when it comes to data protection. That would put two of the nation's largest tech hubs- Silicon Valley and New York City- on the same page in regards to security requirements.

The New York proposal comes on the heels of an announcement from the White House calling for tighter federal laws on data security.®