Governor Andrew Cuomo signed the SHIELD Act into law on July 25, 2019. SHIELD stands for Stop Hacks and Improve Electronic Data Security, an act that amends the existing data breach security and/or notification laws in the state of New York. But the SHIELD Act also applies to businesses anywhere in the world that store and use information belonging to New York residents. This means that even if you’re not operating in the state, you may be required to make some big changes to the way you store, access, and share sensitive information.
The SHIELD Act imposes significant changes to better protect residents against data breaches that leave their sensitive information at risk. Here’s a quick review of the changes that are necessary:
Reasonable security measures and/or safeguards must be adopted before March 21, 2020. For most businesses, it’s critical to have a technology partner available to help you implement the following:
Essentially, all solutions and/or processes relating to data storage or use must be reviewed to ensure private information is safe at all times. Here are a few recommended steps to help you get started:
The SHIELD Act updates definitions already in place and adds to the existing laws relating to breach notifications. Any information exposed through unintentional or intentional efforts requires the business to notify affected individuals via:
The breach must be announced without unreasonable delay. If the breach impacts more than 500 residents of the state, you must provide a written determination to the state attorney within 10 days. If the breach impacts more than 5,000 residents of the state, you must report the timing, content, and distribution of the notices, as well as the number of affected individuals, to whichever consumer reporting agencies are deemed pertinent by the state attorney general.
Prior to the NY SHIELD Act, businesses faced a fine of $5,000 or $10 per instance of failed notification, whichever was greater, so long as the total didn’t exceed $150,000 when paying $10 per instance of failed notification. The NY SHIELD Act increases the penalties to $20 per incident with a maximum of $250,000. In addition, businesses may be fined up to 3 years after an incident rather than 2 years.
This time will be measured from the date on which the attorney general became aware of the violation or the date they received notice from the business, whichever comes first. The attorney general is also empowered to sue for injunctions and civil penalties when businesses fail to comply with the requirement to implement reasonable safeguards.
LI Tech Advisors is the top IT services company in Long Island, NY and surrounding areas.