On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which is set to go into effect on October 23, 2019. The law boosts the protection of consumers’ private information and holds accountable any company that does business within the state.
What does this mean for your firm?
Regardless of their location or size, businesses that receive, collect or otherwise possess private information about New York residents must comply with the New York SHIELD Act. The SHIELD Act private data elements include not only Social Security numbers and driver’s licenses, but also biometric information, bank account numbers, and payment information.
All businesses with such data must adopt cybersecurity data safeguards that comply with the provisions of the SHIELD Act and are subject to notification requirements in the event of a data breach.
Companies will now be required to practice better cybersecurity hygiene. The New York State Attorney General can seek up to $250,000 for violations by a company, up from the previous statute’s $150,000.
Businesses that own or license personal information of New York State residents are now required to implement “reasonable safeguards” to prevent a breach of that information. These “safeguards” include:
- Assigning and designating one or more employees to implement a security program
- Establishing and implementing a security training program
- Testing and monitoring key controls on a regular basis
- Disposing of private information after a reasonable time frame
The deadline for the data protection program is March 21, 2020, but data breaches must be recorded starting October 23, 2019.
ACE IT Solutions Can Help
ACE IT Solutions can help your firm assess your readiness to comply with the requirements of the SHIELD Act and other data privacy regulations and help your business implement best practices for achieving broader privacy risk and compliance objectives. We offer a comprehensive suite of customizable cybersecurity services to meet your organization’s specific risk profile and compliance needs.
Contact us to discuss whether your business is compliant with the SHIELD Act and learn what you need to do to come into compliance.