What is the New York SHIELD Act?

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act creates a legal obligation to implement a comprehensive security program. It emerged in response to the heightened threat landscape and the greater stakes posed by cybercrime. Any person or business that owns or licenses computerized data regarding the private information of New York state residents needs to comply with the New York SHIELD Act. Private information includes, but is not limited to, social security numbers, driver’s license numbers, financial account numbers and email account information. The two key mandates of New York SHIELD are new cybersecurity safeguards and changes to breach notification provisions.

When does New York SHIELD go into effect?

Two specific dates are identified in the mandate. The October 23, 2019 deadline broadened requirements for existing regulations and expanded the definition of personal data to include, notably, biometrics. It also expanded the definition of a breach and increased fines for violations. The March 21, 2020 requirements oblige companies to implement administrative, technical and physical safeguards, with fines for noncompliance.

What are the penalties for failing to comply with NY SHIELD?

The New York SHIELD Act doubles the penalty recoverable by the state AG from $10 to $20 per failed notification and increases the maximum penalty from $100,000 to $250,000.

How can I learn more?

Download the Webinar “Yield for SHIELD”