westchestergov.com In an emergency, let us contact you subscribecommentsfaq search home


BACK

 Current News
Oct. 2005

BOARD OF LEGISLATORS
COUNTY OF WESTCHESTER

Your Committee is in receipt of a communication from the County Executive urging the adoption of a Local Law adding Article XV to Chapter 863 of the Laws of Westchester County with respect to requiring all commercial businesses in Westchester County utilizing electronic means of maintaining personal information to have a secure network to protect the public from potential identity theft and other potential threats such as computer viruses and data corruption.

Your Committee notes that ever-evolving wireless communication technology has spawned various concerns with respect to the security of personal information such as social security numbers and credit card and bank accounts. One of the fastest growing areas in this regard is wireless fidelity or “Wi-Fi” which offers wireless Internet access to local area networks.

Your Committee also notes that Wi-Fi has traditionally been used in airports and hotels to assist business travelers. However, the trend has caught on and there are a growing number of commercial businesses using or offering Wi-Fi communication, colloquially known as “Internet cafes.”

Your Committee is aware that the creation of these “hotspots” wherein Wi-Fi is provided offers an increased opportunity for identity thieves to prey on Internet users who might otherwise believe their personal information is secure. It is not only the Wi-Fi user who is at risk of identity theft. Identity theft may also occur where the business entity offering Wi-Fi utilizes the same network to conduct their day-to-day business. This practice could place a customer, who has made a credit card purchase with the business at risk for identity theft, computer viruses and data corruption from persons with rudimentary computer skills absent the appropriate security measures.

Your Committee is further aware that any entity which collects personal information could be vulnerable to threats of identity theft even if they do not offer Internet access to the public. A local retail store maintains personal information from your credit card and unless that store has taken the appropriate security measures such as installing a firewall, your personal information is at risk.

Your Committee is informed that while Wi-Fi communication offers opportunity for identity theft, so to does the use of traditional wired land area networks (LANs). Commercial entities that offer Internet connections through LANs expose themselves to electronic predators if such entities utilize the same LAN without appropriate security precautions.

Your Committee is also aware that while this Local Law is designed to help protect residents from certain cyber threats it does not provide a guarantee of such security. Therefore, the County will provide ongoing public education, through the distribution of pamphlets and postings on the County’s website, outlining steps that residents should take to help protect themselves from the threat of identity theft through the use of computers and other electronic devices. The public education effort will track the latest technological advances in order to provide up-to-date and meaningful assistance.

Your Committee, in order to protect the residents of Westchester County and other users of wired and wireless networks from crimes such as identity theft and other consumer fraud, recommends adoption of this Local Law.

Dated: , 2005
White Plains, New York



RESOLUTION NO. - 2005


RESOLVED, that this Board hold a public hearing pursuant to Section 209.141(4) of the Laws of Westchester County on Local Law Intro. No. -2005 entitled “A Local Law amending the Laws of Westchester County requiring any entity offering or utilizing public Internet access to have a secure network to protect the public from potential identity theft and other risks related to computer use.” The public hearing will be held at m. on the day of , 2005 in the Chambers of the Board of Legislators, 8th Floor, Michaelian Office Building, White Plains, New York. The Clerk of the Board shall cause notice of the time and date of such hearing to be published at least once in one or more newspapers published in the County of Westchester and selected by the Clerk of the Board for that purpose in the manner and time required by law.




LOCAL LAW 2005

A Local Law amending the Laws of Westchester County requiring any entity offering or utilizing public Internet access to have a secure network to protect the public from potential identity theft and other risks related to computer use.


BE IT ENACTED by the County Board of the County of Westchester as follows:

Section 1. A new Article XV shall be added to Chapter 863 of the Laws of Westchester County to read as follows:

ARTICLE XV. PUBLIC INTERNET PROTECTION ACT.
Sec. 863.1201. Definitions.
1. “Public Internet access” shall mean any commercial business that offers Internet access to the general public.
2. “Commercial business” shall mean any entity physically located in Westchester County that, for profit, offers goods or services for sale.
3. “Private information” shall mean personal information in combination with any one or more of the following data elements, when either the personal information or the data element is not encrypted (translated into private code) or encrypted with an encryption key that has also been acquired:
(a) social security number;

(b) driver’s license number or non-driver identification card number; or

(c) account number, credit card or debit card number, in combination with any required security code, access code, or password which would permit access to an individual’s financial account.


4. “Firewall” shall mean a set of related programs or hardware, located at a network gateway server that protects the resources of a private network from users of other networks.


Sec. 863.1202. Security of Personal Information.
1. Public Internet access shall not be made available unless the commercial business providing such public access has installed a firewall to secure and prevent unauthorized access to all private information that such entity may store, utilize or otherwise maintain in the regular course of its business. Any commercial business providing public Internet access shall conspicuously post a sign stating:

YOU ARE ACCESSING A NETWORK WHICH HAS BEEN SECURED WITH FIREWALL PROTECTION. SINCE SUCH PROTECTION DOES NOT GUARANTEE THE SECURITY OF YOUR PERSONAL INFORMATION, USE YOUR OWN DISCRETION

2. Any commercial business that stores, utilizes or otherwise maintains private information electronically shall install a firewall to secure and prevent unauthorized access to all such information.


Sec. 863.1203. Notice of Compliance.
Any commercial business providing public Internet access shall, within 90 days of the enactment of this Local Law, file a notice of compliance with the provisions of this Article stating that such entity has installed a firewall as required by Section 863.1202 herein. Such notice of compliance shall be made available by the Westchester County Department of Weights and Measures.

Sec. 863.1204. Public education effort.
The Westchester County Department of Weights and Measures, in conjunction with the Westchester County Department of Information Technology shall prepare and make available a pamphlet which shall inform and educate both the general public and the providers of public Internet access regarding the implications of this Local Law, including the need for network security measures in places of public accommodations. Such pamphlet shall also include information to assist the general public in protecting themselves from the potential of identity theft through the use of wireless Internet connections regardless of where such connections originate. Such information shall also be made available through the official Westchester County government web site at www.westchestergov.com.

Sec. 863.1205. Enforcement and Penalties.
1. The provisions of this article shall be enforced by the Westchester County Department of Weights and Measures.
2. A first violation for failure to file a notice of compliance shall result in a warning by the Westchester County Department of Weights and Measures which shall state that the offender has thirty (30) days to complete and file a notice of compliance. Failure to file a completed notice of compliance within the thirty day period shall constitute a first violation.
3. For a second violation of this Article, a civil penalty not exceeding two hundred and fifty hundred dollars ($250.00) shall be imposed. For the third and succeeding violations, a civil penalty not exceeding five hundred dollars ($500.00) shall be imposed for each single violation. No civil penalty shall be imposed as provided for herein unless the alleged violator has received notice of the charge against him or her and has had an opportunity to be heard.

Sec. 863.1206. Severability.
If any section, subsection, sentence, clause, phrase or other portion of this local law is, for any reason, declared unconstitutional or invalid, in whole or in part, by any court of competent jurisdiction such portion shall be deemed severable, and such
unconstitutionality or invalidity shall not affect the validity of the remaining portions of this law, which remaining portions shall continue in full force and effect.

Section 2. This Local Law shall take effect one hundred and eighty (180) days following its enactment.

www.westchestergov.com