New York lacks a dedicated data privacy complaint process. The NY Attorney General enforces some issues under consumer protection laws.
New York does not have a comprehensive state data privacy law or dedicated consumer-facing complaint process like California's CCPA. The New York Attorney General (NY AG) addresses certain data privacy issues through general consumer protection authority, such as ensuring website privacy controls match their descriptions. This applies to practices like inaccurate tracking statements, based on NY AG guidance. Data breaches follow separate rules under the SHIELD Act, which requires businesses to notify affected parties and the AG in specific cases, but does not provide a consumer complaint route.
For general data privacy concerns with businesses, start by contacting the company directly using their privacy policy or support channels. If unresolved, submit a complaint to the NY AG Office of Consumer Protection, as they investigate privacy-related consumer protection violations. Gather evidence like screenshots of privacy statements and your communications. No specific privacy complaint form or guaranteed timeline exists in official sources.
What Controls Data Privacy Complaints in New York
The NY AG enforces consumer protection laws against businesses for issues like misleading website privacy controls. For example, guidance requires that privacy settings and tracking statements accurately reflect actual practices. This stems from general consumer protection authority, not a standalone privacy statute.
The NY AG's own privacy policy allows data access and correction for information held by the AG's website under Public Officers Law §95. This covers state agency data handling only and does not extend to complaints against private businesses.
No official evidence confirms a centralized NY privacy enforcement agency or comprehensive privacy law as of 2026.
What Does Not Control General Data Privacy Complaints
The SHIELD Act governs data breach notifications, not everyday privacy disputes. Businesses must notify the NY AG if a breach affects more than 5,000 residents, or affected individuals if over 500, plus consumer reporting agencies in some cases. Consumers report suspected breaches to the business, but this law sets business obligations, not a complaint process.
Federal laws like FTC Section 5 on unfair practices may apply separately but do not override NY state consumer protection for local issues. Other state laws, such as California's CCPA, have no effect here.
| Issue Type | Controlling Authority | Consumer Action |
|---|---|---|
| Website privacy controls (e.g., tracking) | NY AG consumer protection | Contact business, then file AG complaint |
| Data breaches | SHIELD Act (business notification) | Report to business; AG notifies if threshold met |
| AG website data access | Public Officers Law §95 | Request directly from AG |
Practical Next Steps for NY Consumers
Contact the business first through their privacy contact or support, documenting all interactions with screenshots, emails, and policy page links.
If no resolution, file a general consumer complaint with the NY AG Office of Consumer Protection. Use their online intake form for issues like deceptive privacy practices. As an alternative, reach the NY Department of State Division of Consumer Protection.
Evidence checklist:
- Screenshots of the business's privacy policy and your data issue
- Records of support communications
- Details of the privacy concern (e.g., unwanted tracking despite opt-out)
Expect no fixed response time; the AG prioritizes investigations. This is not a substitute for legal counsel.
FAQ
Is there a specific NY data privacy complaint form?
No dedicated form exists in official sources. Use the NY AG's general consumer complaint intake.
How does the SHIELD Act apply to my privacy issue?
It requires business notifications for breaches, not a process for general complaints.
Can I sue a business for data privacy violations in NY?
Official sources do not detail a private right of action; consult an attorney for options under statutes like GBL §899-aa.
What if the issue involves financial data?
NY Department of Financial Services may oversee if regulated entities are involved, separate from AG consumer protection.
Does federal law override NY for privacy complaints?
Federal laws like FTC rules apply alongside state authority but follow separate federal processes.