What Are The Best Practices for Compliance with the SHIELD Act

Many states have recently updated their data privacy laws to reflect new security threats and technological advancements. New York legislation governing notification procedures for data breaches went into effect on October 23, 2019. The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), which now covers businesses with operations in all 50 states, has a wider scope than the state’s prior data breach notification act.

The SHIELD Act may be applicable if a company owns or has a licence to use a New York resident’s data, in which case the company would be liable for disclosing any data breaches that compromise the privacy of New York residents.

Best Practices for Compliance with the SHIELD Act New York:

Conduct routine data checks:

Organizations must conduct routine audits to make sure they are aware of any data they may hold on New York residents. To stay organised and help with compliance efforts, it would be very beneficial to maintain a separate spreadsheet that details the different types of data that could potentially be covered by the SHIELD Act. Designate who is in charge of updates and which staff have access to the spreadsheet. Any business using this procedure will be able to decide quickly whether the SHIELD Act applies and who needs to be notified in the case of a breach.

Update Necessary Procedures and Policies:

Companies that maintain the personal information of New Yorkers on their systems should immediately assess and revise their breach notification procedures in light of the new regulation. The SHIELD Act’s application and exclusion dates, as well as any special notice procedures, should be specified in updated policies.

Educate and train your workforce:

Businesses should always make sure their staff members are aware of the laws that apply to their daily operations. To acquaint staff with the SHIELD Act New York and ensure they are ready in the event of a breach, policies should be circulated, and informational meetings and training sessions should be held.


The number of businesses required to report data breaches involving residents of New York will rise thanks to the SHIELD Act. The number of actions and noncompliance penalties related to data breach notifications may also grow as a result of this regulation. Organizations covered by the SHIELD Act must review the legislation to become acquainted with all the rules and exceptions relevant to data breach notification. In the event of a data breach, using the aforementioned procedures will assist organizations in acting quickly and remaining in compliance with the new law.

Disclaimer: This content is created and provided by a third-party online content writer on behalf of CompCiti and is for promotional purposes only. CompCiti does not take any responsibility for the accuracy of this article.