What Your New York Business Needs to Know About the SHIELD Act

Does your business handle sensitive client or customer data, including by electronic or digital means? If so, you need to understand what the SHIELD Act is. SHIELD stands for Stop Hacks and Improve Electronic Data Security, and there are significant penalties for violating this law. To learn more about your legal obligations, talk to an experienced New York business lawyer.

Rosenbaum & Taylor explains what your company needs to know about this law. You can contact us at 914-326-2660 for a free consultation.

The Basics About the SHIELD Act

Signed into law in July 2019, the SHIELD Act is an amendment to a previously existing information security law. It strengthens data security in the state by doing the following:

  • Broadening the types of private data for which businesses must provide notice to consumers in the event of a breach
  • Mandating that businesses develop, implement, and maintain reasonable measures to protect the security, confidentiality, and integrity of this private information

The previous law defined a security breach as an unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of private and sensitive data. The SHIELD Act expands that definition: a security breach now also includes “access” to computerized data that compromises the confidentiality, security, or integrity of private data.

What Kind of Private Information Is Covered by the Law?

In combination with the prior law, the SHIELD Act is intended to protect a person’s:

  • Social Security Number
  • Driver’s license number
  • Account number
  • Biometric information
  • Username or email address
  • Password credentials

What Kinds of Safeguards Must a New York Business Adopt?

There is no exhaustive list of the measures a company should or must adopt to protect private information. A knowledgeable New York business law attorney can review your company and recommend specific safeguards.

These are some possible steps your business could take:

  • Name at least one employee who can manage your internal security program
  • Identify and manage internal and external risks that are reasonably foreseeable
  • Determine whether the existing safeguards are sufficient to control these risks
  • Adopt procedures to securely store and limit access to sensitive data
  • Regularly test, monitor, and adjust key controls, procedures, and systems
  • Protect against unauthorized access to sensitive information
  • Destroy or otherwise render unusable sensitive data after it is no longer needed for business purposes

What Happens If a Breach Occurs?

The affected business must notify customers and clients affected by a security breach. Consistent with the needs of law enforcement, this disclosure must be made as expeditiously as possible. You should also provide notice to:

Submitting a breach form through the OAG’s reporting portal will automatically notify the three major credit bureaus. However, it’s strongly recommended that you also consult legal counsel to protect your business. More steps will likely be needed, and they should be taken with the assistance of an attorney.

What Are the Penalties for Violating the SHIELD Act?

Injunctive relief, restitution, and penalties may be sought against any business that violates the law. Failure to provide timely notification could result in a penalty of up to $20 per instance, up to a maximum of $250,000. For failure to maintain reasonable safeguards, the court could impose a civil penalty of up to $5,000.

We Can Help Ensure Your Business is Compliant With the Law

The above is a broad overview of the SHIELD Act. It’s a good idea to review additional details about the law with a knowledgeable New York business attorney. Rosenbaum & Taylor can assist. We can also defend your business in the event action is taken to enforce the SHIELD Act against you.

Connect with our law firm today to learn more. You can contact us at 914-326-2660 for a free consultation.
