Stop Hacks and Improve Electronic Data Security Act [SHIELD Act]
https://legislation.nysenate.gov/pdf/bills/2019/S5575BNY State Senate Bill S5575B
Signed into law: July 25, 2019
purpose
New York's data breach notification law needs to be updated to keep pace with current technology. This bill broadens the scope of information covered under the notification law and updates the notification requirements when there has been a breach of data. It also broadens the definition of a data breach to include an unauthorized person gaining access to information. It also requires reasonable data security, provides standards tailored to the size of a business, and provides protections from liability for certain entities.
what
The SHIELD Act requires businesses in possession of New York residents’ private information to “develop, implement, and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information, including but not limited to disposal of data.
The bill imposes stronger obligations on businesses handling private data of customers, regarding security and proper notification of breaches.
who
Businesses with access to personal and private information of New York residents.
Including but not limited to:
Name and other identifiers
Social security, driver license or other officially issued government card numbers
Financial account, credit or debit numbers
User identification and passwords for access to sensitive information
Anything not publicly available
when
Law takes effect in two phases:
Official law takes effect on October 22, 2019
[90 days from July 25, 2019]
Section 4 : Notification remedies takes effect on March 20, 2020
[240 days from July 25, 2019 ]
compliance
The SHIELD Act provides that a business will “be deemed to be in compliance with” this standard if it implements a “data security program” that includes all of the elements enumerated in the Act.
Domecile ensures our clients stay in compliance.