- April 2, 2020
- Posted by: Keith Frechette
- Category: Blog
This is a reminder that the data security requirements set in place by New York’s SHIELD Act went into effect on March 21, 2020. If your business operates in New York or even just has access to client data based in New York, you need to be compliant. Here’s what it means for you.
What’s The SHIELD Act?
The Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act) was signed into law on July 25, 2019. This act amended the state’s current data breach notification and cybersecurity law and applies to any person or business that owns computerized data which includes private information. This applies to all industries, and even includes businesses and employers that have no physical presence in New York.
What Does The SHIELD Act Say?
The SHIELD Act updates New York’s cybersecurity and data protection law. You can view the updated provisions here, broken down by the National Law Review. But here are the bullet points:
- Added protection for personal information
- Expanded the definition of what counts as a data “breach”
- Expanded to include any business or entity with private information of a New York resident, not just those conducting business in New York
- Updated procedures in the instance of a breach
- New safeguard requirements
How To Make Sure You’re Compliant
The good news for many businesses is that if you are compliant with HIPAA or GLBA then you will be deemed compliant with the SHIELD Act. Those deemed compliant do not need to notify affected New York residents if their data is breached. However, they must still notify the New York Attorney General, the Department of State Division of Consumer Protection, and the Division of the State Police.
If your business operates in New York or has the private information of any New York resident, make sure you review and update your data security processes to comply with the SHIELD Act.
Get in touch to learn more about how GoldSky can keep your data secure today.