These days, everything is online—including private consumer data. Because the United States does not currently have a nationwide data privacy law, states may enact their own data privacy protections. New York is one of the latest states to follow suit.

Keeping up with changes to the law, at both the federal and state level, can be time-consuming and expensive. Fortunately, a New York privacy policy generator can cut down on the cost and effort it takes to stay compliant with New York data privacy laws.

SixFifty has created state-specific tools to automatically generate a privacy policy for New York. Read on to learn more about New York’s data protection laws, and how our privacy tools make it easy and cost-effective to stay in compliance.

Who is affected by New York data privacy laws?

The New York Privacy Act of 2021 governs companies who collect, store, and process personal consumer data. It is currently in the state legislature.

While the final text of the bill remains to be determined, the new regulations will apply to any entity conducting business in New York, and/or companies who collect, store, or process personal data from New York residents.

The thresholds are expected to include:

  • Entities with gross revenue over $25 million;
  • Entities controlling the data of 100,000 or more New York residents;
  • Entities who control the data of 500,000 or more people, including at least 10,000 New York residents; or
  • Entities who derive half or more of their gross revenue from selling personal data.

There are certain exceptions. Government agencies who process and store data for purposes other than sales are exempt. Similarly, data for employment purposes, research on human subjects, and protected health information will be exempted from the New York Privacy Act. However, because the bill may undergo changes before it’s ultimately passed, it’s important for businesses to stay up to date.

What’s the difference between privacy policies and privacy notices?

Wondering why you need two different documents? A privacy notice and privacy policy serve different purposes. A privacy notice is a public document that you post for consumers to see. It outlines your personal information gathering practices, and tells consumers what you do with their data. A privacy policy is an internal document that your employees follow. It tells them how they should handle consumers’ personal information.

New York privacy law

The New York Privacy Act of 2021 governs companies who collect, store, and process personal consumer data. If passed, the law will require the following:

  • Notice: Consumers must be notified about which data is being collected and processed. Companies will need to disclose who is collecting the data and for what purpose it will be used.
  • Opt-in consent: Companies cannot automatically collect or process personal data. Instead, they must obtain affirmative, unambiguous, and informed consent. That is, consumers must be notified that their data could be collected, notified what it’s used for, and have the ability to opt in or out.
  • Ability to access and correct data: Businesses must provide an easily accessible way for consumers to access the personal data collected, and to request corrections when necessary.
  • Ability to delete: Companies must also provide the means for consumers to request their information be deleted in its entirety. This also applies to third-party companies who handle their data processing.
  • Annual risk assessments: Businesses need to perform annual data risk assessments to ensure consumer data remains safe and protected. They must delete unneeded data annually.
  • Disclosures regarding automated decision-making: Finally, companies will be required to create disclosures as to how automated decision making uses personal consumer data.

Is there a New York privacy policy template?

While you might be tempted to try a one-size-fits-all privacy notice and policy template, they often do not cover each applicable scenario. It’s important that your company keep up with changes to privacy laws, on both the state and federal level.

SixFifty’s NY website privacy policy generator specifically addresses these needs. Instead of having your legal team draft the documents and monitor changes to the law, or rack up billable hours with outside counsel, you can easily generate a privacy policy that conforms to New York’s standards. You’ll also receive notifications whenever there’s been an update to the law. We update our privacy tools whenever there are changes, and let you know it’s time to regenerate your privacy documents.

Our software pairs technology with real legal expertise, to deliver compliant New York privacy policies and notices in record time. Simply answer a series of questions, download the generated document and have your lawyer review. It’s a quick and easy way to stay compliant and avoid incurring penalties—all while saving money on legal guidance.

Generate a privacy policy for New York with SixFifty

If your company does business in New York and meets the New York Privacy Act thresholds, you will need a privacy policy when the new law goes into effect. Let SixFifty do the heavy lifting for you with our New York privacy policy generator. Reach out today to schedule a demo, or learn more about our privacy tools!