The New York Stop Hacks and Improve Electronic Data Security Act was signed by New York Governor Andrew Cuomo on July 25th, 2019 and went into full effect March 21st, 2020.
If you aren’t sure whether the SHIELD Act applies to your business, reach out to our team of Subject Matter Experts.
No matter what your unique needs are, we offer a custom-built Compliance as a Service package that will make it easy for your organization to achieve and maintain compliance.
Forbes reported 3,800 publicly disclosed data breaches in the first 6 months of 2019, exposing 4.1 billion compromised private records. It’s clear that data breaches are on the rise and consumers want better protections, and New York State is taking their concerns more seriously.
The SHIELD Act updates New York’s current cyber-security laws. More specifically, it strengthens and expands data security and data breach notification requirements for companies that collect information on New York residents. Under this Act, organizations and individuals who collect private computerized data must implement and maintain reasonable administrative, physical, and technical safeguards.
The SHIELD Act raises the bar for consumer protection and victim notification. It holds accountable any company that does business within the state of New York, or that even collects information on NY residents. The new law expands consumer protections and notifications, and similarly imposes harsher punishments on businesses that do not comply with the Act.
The SHIELD Act introduces 4 major changes:
Every New York consumer is affected by the strengthened protections of the SHIELD Act.
Beyond that, the SHIELD Act has expanded the territorial scope of protections. Previously, the law was limited to companies or individuals who conducted business in the state of New York. Now, however, a company that has any customers in New York is affected – regardless of whether the company is based in another state or another country.
Any medium- and enterprise-sized company with even one New York customer needs to implement this new policy and take reasonable measures to impose security safeguards.
The SHIELD Act outlines a number of specific administrative, physical, and technical safeguards to be implemented and maintained.
Administrative Safeguards:
Physical Safeguards:
Technical Safeguards:
Does your business have these administrative, physical, and technical safeguards in place? Reach out to one of our Subject Matter Experts to perform an in-depth risk assessment of your data security standards. We’ll help you figure out exactly what you’re missing.
The New York State Attorney General can seek up to $250,000 for violations by a company that is found not to be in compliance with the SHIELD Act. This is up from $150,000 under the previous statute.
The number of reported healthcare data breaches increased 36.1% between 2018 and 2019 – from 371 reported breaches in 2018 to 505 reported breaches in 2019. This marked 2019 as the worst-ever year in terms of the number of reported healthcare breaches.
As a business, it’s more vital than ever to avoid incredibly costly fines and protect the private electronic information you collect.
The New York SHIELD Act is already in full effect, and your organization needs to assess its data security standards, making any adjustments as necessary to comply with the new law.
Reach out to us any time to chat with an expert about eVero’s Compliance as a Service options, and how we’ll customize them specifically for your business. We’ll quickly determine all the steps necessary to get you compliant with the New York SHIELD Act today.
Published originally February 27th, 2020 | Updated May 17th, 2020
Written by Jessica Zarrillo