NY State SHIELD Act And The Impact On Cincinnati Businesses

On July 25, 2019, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act.

The law boosts the protection of consumers’ private information and holds accountable any company that does business within the state. Here’s what you need to know.

Legal Changes of the SHIELD Act

  • The NY law expands requirements for data security and data breaches, including consumer notifications mandates that apply to any business collecting private data from New York residents.
  • The Act redefines the term security breach. Any breach that gives an authorized party access to a consumer’s personal information qualifies under the updated law. It requires notification about the breach to the consumer.
  • NY law now protects a wider array of personal information. SHIELD includes biometric information gathered from software for facial recognition, corneal scans, fingerprints, or other identification, email addresses, passwords, security questions, security responses, Social Security numbers, driver’s licenses, non-drive ID card number, banking, debit, and credit card account numbers, as well as their access codes.
  • All companies doing business with NY consumers had until March 21, 2020, to update their security protocols.

How 4BIS Can Help with the SHIELD Law

If you already do business in NY, you probably have taken steps to update your security measures. If you have not though, contact 4BIS of Cincinnati. We have served Ohio with Information Technology services since 1996. We can help you update your protocols and plan breach responses. Developing a better security plan and implementing it can help you better protect your company and consumers.

Our managed security services then help you maintain security and monitor your systems. Our managed IT services include cloud managed services so you can transition your business onto the cloud to enhance security. We go beyond protecting you from ransomware, Trojans, and the like. We provide email security solutions, disaster recovery planning and recovery, business continuity planning, network, and computer security, and data backups.

Legal Requirements and Penalties

The SHIELD law requires each business to “implement reasonable safeguards” that protect personal information from data security risks. To do so, you should use vendors who also apply appropriate security measures and protections.

The law also requires each business to name a security program coordinator (SPC). The SPC conducts a risk assessment, creates the security plan, implements the security program that protects against the enumerated risks, and reports security breaches to the New York State Attorney General’s office and other appropriate oversight agencies.

Each business must continually assess information transfer risks as well as risks involving hardware, software, servers, and systems.

Companies that do not comply can get hit with fines of up to $250,000. By August 2019, the NY Attorney General fined businesses $600 million for breaches and violations.

Contact 4BIS to get started on your updated security plan. We can help you meet all the requirements of the SHIELD law and monitor your security. We can implement the necessary software and hardware for you. Call us today.

James Forbis
Written by James Forbis
Posted on: November 30, 2020