New York Data Privacy: A Plain-Language Overview
No comprehensive consumer privacy law (as of 2026)
Status: The state regulates data primarily through the SHIELD Act (effective 2020, amended 2023) and sector-specific laws like the Child Data Protection Act.
As of 2026, New York does not have a single comprehensive consumer privacy law similar to those in California or Virginia. Instead, the state relies on the SHIELD Act, which sets strict requirements for data breach notification and data security, alongside industry-specific rules (e.g., for biometrics or children's data). Enforcement is robust, utilizing the state's powerful General Business Law to penalize deceptive data practices.
Consumer rights
No comprehensive statutory consumer privacy rights specific to this state as of 2026; general consumer-protection rules may still apply.
Who it generally applies to
The SHIELD Act applies broadly to any business or entity that owns or licenses private information of New York residents, regardless of where the business is located.
What this means for B2B outreach
New York's privacy and security laws generally focus on personal information of individuals; however, the SHIELD Act's definition of private information is broad and can cover employee data (B2B context) if it includes sensitive identifiers like Social Security numbers.
Authoritative source: New York State Office of the Attorney General. Always confirm current requirements there.
Marketing that respects privacy by design
We run permission-based, compliance-minded campaigns with real opt-out handling.
Talk to us