What New York Data Privacy and Security Protection Means for Employers

Employers Must Comply with New SHIELD Law

In July of 2019, the New York legislature passed the “Stop Hacks and Improve Electronic Data Security” (SHIELD) Act. The new law provides greater protection for private information and broadens requirements for security breach notification.

Which NY Employers Must Comply with the Law?

The SHIELD law applies to all NY employers because private information includes individual names and Social Security numbers. Businesses that do not reside in New York but that do business with New York residents are also subject to the law’s security requirements.

What Does Private Information Include?

Private information includes:

Name
Social Security Number (SSN)
Driver’s license number
Credit or debit card number
Financial account number
Biometric information
Username or email address and password to online account

What Is Necessary for Compliance?

To be in compliance with SHIELD, employers must implement a data security program that keeps private information secure and adheres to the act. How extensive the program must be depends on the size of the company, its business activities, and the sensitivity of the personal information it gathers.

If the business is already in compliance with the following laws, it is also in compliance with SHIELD:

Gramm-Leach-Bliley Act
HIPAA Security Rule
New York State Department of Financial Services’ Cybersecurity Requirements for Financial Services Companies

What Are the New Breach Notification Requirements?

The new law expands the definition of breach of the security system. Breach now includes unauthorized access of computerized data that compromises the security, confidentiality, or integrity of private information.

Breach also now extends to New York residents and not only New York businesses. A company may...