What You Need To Do To Be SHIELD Compliant

In effect since March 21, 2020, the SHIELD Act is a data privacy regulation that applies to any individual or company that owns or licenses computerized data that includes private information of a New York resident. The act was designed to extend the existing NYDFS by enforcing stricter data security and breach notification requirements.


How to achieve SHIELD Compliance?

Want to get a step closer to SHIELD compliance? Listed below are some of the key tips you may want to stick to:

Find and categorize your private info:

It’s not uncommon for companies to have huge volumes of private information dispersed all over their network. It is kept on mobile devices, desktops, in spreadsheets and in cloud storage, and in many instances it is shared through email and other communication channels.

Having sensitive private information scattered across more than one location makes it really tough to monitor who has access to it. And if you have no idea who has access to your sensitive data, SHIELD compliance will not be a realistic goal. Therefore, from a technical point of view, the first step towards SHIELD compliance is to find and categorize your sensitive information.

Impose “least privilege” access:

Access to private information has to be limited in line with the “principle of least privilege”, which specifies that users are only permitted access to the data they require to perform their duties. Therefore, you’ll need policies in place that govern how and when access to private information is granted and revoked.

Monitor access to sensitive data:

You need to notify the relevant authorities whenever sensitive data has been acquired by an unauthorized party. To be able to make such a notification, you need visibility into who has access to what information, when, how, where, and for how long.

In general, any time sensitive data is accessed, transferred, altered or deleted, you must be informed of it, or at a minimum have a clear record of the changes, which you can inspect for suspicious activity.

Is your business yet to be SHIELD compliant? Reach out to a cybersecurity service provider like CompCiti for an assessment.