NY attorney general proposes law to require businesses to protect consumer and employee data

New York Attorney General Eric Schneiderman says the state's data security law is weak and he wants an overhaul requiring businesses to protect the personal information of consumers and employees.

He says in the event of a data breach or unauthorized disclosure, companies and employers are merely required to notify affected individuals if "private information" is compromised.

That doesn't include email addresses and passwords, security questions, medical history and health insurance information.

Schneiderman proposed Wednesday making employers and retailers responsible for protecting that and other personal information while getting protection from liability if they meet certain security standards.

The attorney general's office says security breaches at businesses, nonprofits and governments in New York more than tripled between 2006 and 2013, exposing 22.8 million personal records of New Yorkers in nearly 5,000 incidents.