TMCnet Feature
December 02, 2019

Why NY State Corporations Need To Pay Attention To The SHIELD Act

For businesses in New York State, updates to the cybersecurity laws mean that your company has to stay compliant. Here we'll discuss exactly what the SHIELD Act is, who it affects, and how to make sure that your business takes the right steps to protect your data.

The SHIELD Act expands on the previous data breach law. The full name is the Stop Hacks and Improve Electronic Data Security Act, but you'll usually see the acronym, SHIELD, used when discussing this legislation. Governor Cuomo signed this Act into law on July 25, 2019. The amendments that relate to breach notification went into effect on October 23, 2019. The amendments from this act that relate to data security requirements are set to go into effect starting March 21, 2020.

Adam Mahoney, owner of NYC IT services company Network Outsource, consults with organizations across New York City and Long Island, helping them prepare for the SHIELD Act.

The Purpose of the SHIELD Act

The way we handle data has shifted almost entirely to the digital world. Enhancing New York's previous data security laws was the next logical step to stay current with the changes that impact citizens and their information. Because nefarious actors are difficult to pinpoint, the legislation puts the responsibility on the companies who hold the data. Essentially, any company that keeps personal or private information on customers or employees who reside in New York will need to take precautions in the way that they protect that data.

The idea behind these additions is to regulate the way that companies protect their data and the way in which they notify and compensate people when their personal information has been compromised. The main goal is to protect individual citizens. However, companies also benefit from following these standards because it improves trust with their employees and customers and helps them stay ahead of any cybersecurity threat.

What You Need to Know About the SHIELD Act

This legislation made a number of changes to the existing laws which you do need to be aware of in order to maintain compliance.

Here are the most important aspects you need to be aware of going forward:

  • Swift Notification. This part of the amendment has already gone into effect. It stipulates that you must notify New York residents of a data breach within a reasonable time frame. This portion of the amendment does provide a stipulation that you don't need to notify people if it's determined that the incident isn't likely to result in a compromise or misuse of the information. This portion is worded specifically to include a scenario where an authorized person inadvertently accessed information because it is technically considered a breach even though it's not carried out by malicious actors or likely to result in an actual threat.
  • Who Needs to Maintain Compliance. The original data security laws only applied to companies that were located in New York. This amendment includes any company with the personal or private information of New York residents, whether customers, clients, or employees.
  • Definition of Personal and Private Information. This act adds to the types of information that should be protected, including biometric data.
  • Mandates Data Security Programs. This legislation stipulates that companies need to implement data security plans and lays out what measures need to be included.

At this point, if you have any employees or customers in New York State, it's important that you're clear on all of the stipulations in the SHIELD Act and that your company maintains compliance.
