What You Need To Know About the SHIELD Act

The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) was passed on July 25, 2019 as a revision to the New York State Information Security Breach and Notification Act. The law comes into effect on March 21, 2020. With the objective of strengthening protection for New York residents against data breaches affecting their private information, the SHIELD Act imposes more extensive data security requirements and updates the existing data breach notification requirements.

Shield Act New York

The New York SHIELD Act imposes two broad obligations:

  • Keep private information safe

  • Provide notice of data breaches

Each of these obligations is made up of particular rules and requirements. Businesses are responsible for assessing and reducing risk, and for responding to a data breach proactively.

Why is the SHIELD Act critical?

The SHIELD Act is critical because it has “extraterritorial application”, which means it covers all individuals, employers, or companies, irrespective of location, that collect private information on New York residents. Previously, data breach notification requirements were limited to those that conduct business in New York.

The other vital part is the mandatory implementation of a data security program with specific protections such as workforce training, risk assessments, and incident response planning.

Who has to comply with the SHIELD Act?

The SHIELD Act broadly requires that “any person or business” that owns or licenses computerized data which encompasses private info of a New York resident “shall develop, execute and maintain judicious protections to safeguard the security, privacy and honesty of the private info, including, but not limited to, the disposal of the data”.

That said, entities with a data security program compliant with the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the New York State Department of Financial Services Cybersecurity Regulation, or the Health Information Technology for Economic and Clinical Health Act (HITECH) are exempt, since compliance with these regulations is deemed to satisfy the SHIELD Act.

Penalties and consequences of not complying with the SHIELD Act?

Businesses that fail to comply with the regulations laid out in the SHIELD Act may face civil penalties of up to $5,000 per violation.

If you don’t want to pay such a big penalty or face other consequences of not complying with the regulations laid out in the SHIELD Act, contact CompCiti. In the last few years, CompCiti has helped many SMBs in and around New York update and manage their cybersecurity programs. The company provides a set of steps to ensure proper compliance and risk management. To learn more about how they can help with SHIELD Act compliance, call (212) 594-4374!

 

Disclaimer: This content is created and provided by a third-party online content writer on behalf of CompCiti. CompCiti does not take any responsibility for the accuracy of this Content.