What Is The New York SHIELD Act?
Over the past few months, organizations throughout the country have been focusing on the NY SHIELD Act. The new state legislation drastically expands the data privacy rights of New York residents. Discover the three key safeguards you need to implement to achieve compliance with this relatively recent security standard.
Before the NY SHIELD Act took effect, the business world’s focus had long been on the other side of the country. The California Consumer Privacy Act (CCPA) became effective on January 1, 2020, and required businesses to implement reasonable safeguards to protect private information.
Amidst the lack of federal laws to protect US citizens against data breaches and other cyber risks, the state governments have taken it upon themselves to contain this crisis. In fact, it’s projected that the total global annual cost of cybercrime damages will rise to a whopping $6 trillion by 2021!
So, how will the NY SHIELD Act help defend your sensitive client data from cyber-criminals? Keep reading to discover the three key safeguards your business needs to implement to achieve SHIELD compliance!
Enough talk. Let’s dive in!
What Is the NY SHIELD Act?
The NY SHIELD Act stands for The New York Stop Hacks and Improve Electronic Data Security Act. It went into effect on March 21, 2020, to bolster the protection of New York residents’ private data against data breaches.
Although it was signed into law in July 2019, the SHIELD Act’s data breach notification rules came into effect later on and broadened the definition of Personally Identifiable Information (PII). The new rules also expanded the scope of reportable breaches and notification and reporting requirements.
And as of March 21, 2020, new data requirements in the Act have dramatically expanded client data privacy rights and forced businesses to rethink their data handling practices. However, in the context of the ongoing global pandemic, it wouldn’t be surprising if the updates slipped under your radar.
Does Your Business Need to Comply With the NY SHIELD Act?
The NY SHIELD Act’s requirements are designed to impact “[a]ny person or business which owns or licenses computerized data which includes private information” of a New York resident. Unlike previously, the latest version of the law requires even businesses outside the state of New York to step up their cybersecurity plan, provided they collect New York residents’ data.
Besides holding private information belonging to New York residents, the SHIELD Act’s data security requirements apply to your organization if:
- You have more than 50 employees.
- You grossed more than $3 million in annual revenue in each of the past three fiscal years.
- When calculated in accordance with generally accepted accounting principles, you have less than $5 million in total year-end assets.
What Are the SHIELD Act’s “Reasonable” Safeguards?
Broadly speaking, to achieve compliance, an organization typically has to satisfy a specific set of rules and guidelines. However, the NY SHIELD Act does not mandate precise requirements. Instead, it provides a list of practices that are considered “reasonable” safeguards.
Let’s take a look at a few of the safeguards you should be implementing:
- Designate an individual or a team in charge of security programs.
- Perform a risk assessment to pinpoint reasonable, predictable external and internal threats.
- Review the sufficiency of the implemented safeguards.
- Train and manage employees in security program procedures and practices.
- Review threats in software and network design.
- Evaluate risks in data processing and storage.
- Detect, prevent, and respond to attacks or system failures.
- Assess risks to information storage and disposal.
- Detect, prevent, and respond to any intrusions.
- Dispose of private information after a reasonable amount of time.
Searching for the Most Reliable SHIELD Compliance Support?
Our experienced cybersecurity specialists at Mathe are eager to help you implement the NY SHIELD Act’s safeguards and defend your sensitive data.
Contact us now to get started!
With over 35 years in the business of supporting and implementing technology for the SME market, and 6 years previously in Corporate IT and Voice, I have seen a great deal of change. The only common thread is I have always focused on the Business Wise application of Technology. We always try to look 5 years ahead of the current technology to make sure our clients are on the right track to meet current and future needs.