New York's SHIELD Act applies to businesses nationwide, with compliance required for anyone who does business with or holds personally identifiable information (PII) of New York residents. The following are key takeaways regarding SHIELD Act compliance.
S5575B, known as the "Stop Hacks and Improve Electronic Data Security Act" (SHIELD Act), was introduced in spring 2019 and goes into effect on March 21, 2020. The bill intends to protect New Yorkers' personal and private information in an increasingly digital world, and sets additional guidelines for data breach notifications involving PII. SHIELD, in part, amended New York's existing data breach notification laws to better match the current cybersecurity landscape while also introducing additional data security requirements for affected businesses.
Here are the top 8 details to know about the SHIELD Act that may affect your organization:
Reasonable Security Requirement
Any business which owns or licenses digital data which contains private information of any resident(s) of New York must develop, implement, and maintain "reasonable safeguards" through an organization-wide cybersecurity program, including: