The concept of a “data fiduciary” or an “information fiduciary” is mostly an academic discussion, spilling out on the pages of a U.S. Davis Law Review article and in the pages of The Atlantic. Yet, this theoretical exercise took a step towards the practical recently when S. 5642 was introduced in the New York Senate by Sen. Kevin Thomas (D), the chair of Consumer Affairs.A data fiduciary is an interesting theory but a substantial practical challenge that should be resisted by a lot of business interests. For starters, there is going to be a huge litigation risk for businesses before it even becomes a compliance risk. Since the bill is purely an academic concept now, if it were to become law, we would likely have a large body of case law develop around what kinds of data processing activities would run afoul of the duty of care, confidentiality, and loyalty. Also, the bill is pretty objectionable because it does not lay down clearly what businesses may or may not do, instead deferring the calls to different courts in different jurisdictions who might take vastly different approaches around what is reasonably within a fiduciary duty.