On March 21, 2020, the data security requirements of the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act became effective. Based on the New York SHIELD Act, businesses that own or license computerized data containing the ‘private information’ of residents within the State of New York are required to maintain reasonable security measures. The provisions in this data privacy act expanded the category of businesses that are subject to data security requirements within the State of New York, as well as redefining the type of information that is considered as “private.”
Additionally, the New York SHIELD Act presents an expansion of New York’s existing cybersecurity and data breach notification laws. It expands data breach notification requirements under New York law. The following are some of the clauses that have the greatest potential impact on business and security operations:
- Reasonable Safeguards: It requires businesses to maintain “reasonable safeguards” to protect the “private information” of New York residents.
- Breach Notification: The Act’s data breach notification requirements amend New York’s data breach notification law (§899-aa of Article 39-F of New York’s General Business Law) to expand data breach notification requirements relating to the “private information” of New York residents. Those provisions took effect on October 23, 2019.
- “Reasonable Safeguards” Requirements: The Act’s “reasonable safeguards” provisions add §899-bb to New York’s General Business Law, which requires any person or business that owns or licenses the “private information” of New York residents to develop, implement, and maintain “reasonable safeguards” to protect such information. These reasonable safeguards requirements, also discussed above, came into effect on March 21, 2020.
GoldSky Security offices in Orlando, Denver or Chicago can help support your The New York Shield Act requirement.