On December 24, 2024, New York Governor Kathy Hochul signed into law an amendment to New York General Business Law § 899-aa modifying the state’s data breach notification requirements. The amended law, which is effective immediately, imposes new requirements businesses must follow when providing notifications following a data breach affecting New York residents. Specifically, businesses now must disclose data breaches affecting New York residents within thirty days from the discovery of a breach. Additionally, the amendment adds the New York Department of Financial Services (“NYDFS”) to the list of state regulators that must be notified whenever a breach requiring notification to New York residents occurs.