As large-scale data breaches are becoming a regular occurrence, the State of New York is taking action to protect its residents. On October 23, 2019, the first part of New York’s SHIELD Act went into effect. This legislation aims to help New York residents protect their personal data, but will this new law have any bearing on companies outside New York? We’re breaking down the details to help you understand how the SHIELD Act could impact your business

What is the SHIELD Act?  

In June 2019, the governor of New York signed Senate Bill S5575B into law. This law is better known as the Stop Hacks and Improve Electronic Data (SHIELD) Act.  

The SHIELD Act serves two primary purposes: it amends the state’s data breach notification statute and adds requirements for businesses to protect the personal and private information of New York residents.  

The legislation defines personal and private information as names, social security numbers, financial account numbers, usernames, email addresses, passwords, biometric data and health information covered under HIPAA (Health Insurance Portability and Accountability Act).  

Also included in the Act are details on how quickly businesses compromised by a breach need to notify the State of New York and the people affected.  

Will This Law Affect My Business?  

While this law affects all of New York State, there are broader implications. The Act specifies that any person or business that owns computerized data of a New York resident needs to comply with the SHIELD Act. This means that if your business is located in another state but serves someone living in New York, then you’re on the hook.  

How Does SHIELD Compliance Work? 

While the law goes into detail about what kind of information is protected, it’s not as clear regarding how to protect that data. Companies are required to take “reasonable security measures.” While not defined, updated cybersecurity software, regular employee training and risk assessments are generally recommended to keep your business safe from attacks.  The requirements for the recording of data breaches started October 23, 2019, and the deadline to adopt the reasonable security measures is March 21, 2020. Understanding what qualifies as “reasonable” measures can seem a little daunting, especially since the passage of something like the SHIELD Act is likely a precursor for similar regulations across the country in coming years. Fortunately, you don’t have to figure this out alone.  

How Can StoredTech Help?  

As people continue conducting more business online, the need for protecting people’s personal and private information from cybersecurity breaches will increase. Companies can get overwhelmed trying to run their business while keeping up with the latest regulations. That’s where we come in.  

StoredTech employs a team of cybersecurity experts who will work diligently to protect your data. We use the most robust security measures and stay updated on the latest data regulations. That way, you’ll always be in compliance. Regain your peace of mind and get back to running your business. Contact StoredTech today to find your solution.