What Is the New York SHIELD Act?
The recently enacted NY SHIELD Act is a wake-up call not just for businesses in New York State but across the country to step up their cybersecurity strategies. Discover the three critical safeguards needed to achieve SHIELD compliance and protect your client data.
The estimated annual global cost of cybercrime damages is predicted to rise from $3 trillion in 2015 to a shocking $6 trillion by 2021. Until the federal government enacts laws to safeguard American citizens from data breaches, the burden of containing this crisis falls on state governments.
The New York SHIELD Act is one such data privacy law that aims to protect New York State residents’ private data. Over the years, K² Technologies has helped several of our clients’ businesses to achieve compliance with emerging data privacy and breach notification laws. But first, you need to know what the NY SHIELD Act is and what it means for your business.
What Is the NY SHIELD Act?
NY SHIELD Act is short for the New York Stop Hacks and Improve Electronic Data Security Act. Although it was signed into law in July 2019, its data breach notification rules came into effect somewhat later, in October 2019. These rules broadened the definitions of Personally Identifiable Information (PII) and of reportable breaches, and expanded the reporting and notification requirements.
However, against the backdrop of an ongoing global pandemic, it wouldn’t be surprising if you missed the Act’s new data security requirements. As of March 21, 2020, the NY SHIELD Act’s new requirements have far-reaching implications even for non-New York businesses.
Does the NY SHIELD Act Apply to Your Business?
The latest version of the NY SHIELD Act applies to any company that holds New York residents’ data, not merely to New York-based organizations. Beyond holding New York residents’ data, the Act applies to your organization if you:
- Have more than 50 employees
- Grossed more than $3 million annually for the past three fiscal years
- Have less than $5 million in year-end assets
What Does the NY SHIELD Act Mean for Your Business?
The Act’s significance to your organization may be viewed in two ways:
- The Act requires your business to disclose and report any breach (unauthorized access or acquisition) to the New York regulators.
- Your organization must implement safeguards to protect the security, confidentiality, and integrity of private information.
Although it does not prescribe precise requirements, the Act highlights several practices it considers reasonable safeguards. It names three categories of safeguards, each with its own list of recommended procedures:
1. Administrative Safeguards:
- Assign an employee or an entire team to coordinate your organization’s security program
- Identify reasonably predictable external and internal risks
- Evaluate the efficiency of the implemented safeguards
- Train and manage employees on the security program
- Select vendors capable of maintaining the necessary safeguards, and require them to do so in your contract
- Update your security program to take into account changing circumstances
2. Technical Safeguards:
- Evaluate threats in software and network design, as well as in data processing, transmission, and storage
- Prevent, detect, and respond to system failures or attacks
- Routinely test and monitor the efficiency of crucial systems, controls, and procedures
3. Physical Safeguards:
- Evaluate the threats to your information storage and disposal
- Prevent, detect, and respond to intrusions
- Defend against unauthorized use of or access to private data
- Dispose of private data within a reasonable period after you no longer need it
- Erase private data so that it cannot be read or reconstructed
Looking for the Most Reliable SHIELD Compliance Support?
Our experienced cybersecurity specialists at K² Technologies are eager to help you implement the NY SHIELD Act’s safeguards and protect your client data.