New York businesses are required to take steps to keep their computer and digital data secure. A data security breach can therefore mean significant liability for a company. To avoid problems, it is best to adopt policies and procedures in compliance with the law. But any New York company should also understand the risks of having weak cybersecurity safeguards. A breach, in other words, isn’t the only way your business might be exposed to legal problems. Rosenbaum & Taylor is here to provide guidance for your business.
New York’s SHIELD Law
The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, went into effect in 2020. It requires companies to take significant steps to protect their customers’ and other individuals’ data. Even companies with existing cybersecurity programs will need to reevaluate what they do to shield data from hackers.
There are two main components of the law. The first concerns when businesses must notify the public that there has been a breach. A company must provide such notice in a timely manner so affected customers can take steps to secure their information. The triggering event for a notice is when someone obtains unauthorized access to sensitive information. Then comes the second component: companies must adopt “reasonable safeguards” for such data.
Notably, the “reasonable safeguards” rule varies depending on the size of the business. A small business (under 50 employees and less than $3 million gross revenue) must have safeguards appropriate for its size. This provides some degree of flexibility for what a small business must do. After all, most small companies cannot afford the same technology as larger corporations. As for those bigger companies, the SHIELD Act provides specific examples of which measures to adopt.
The state attorney general can take legal action against a company that fails on either front. This means late notification or weak cybersecurity protocols could expose a company to fines. Those fines may be up to $5,000 per violation.
How a Business Attorney Can Help
Even if your company has cybersecurity procedures in place, it’s a good idea to review them in light of the new law. A skilled New York business attorney can assist in the following ways:
- Reviewing with your company’s ownership and leadership what the SHIELD Act requires
- Reviewing your existing data policies to determine if they are compliant
- Recommending new policies and procedures to strengthen your existing ones
- Requiring employees to learn and agree to updated policies
- Training and re-training employees and key individuals within your organization concerning their responsibilities as to cybersecurity
An understanding of the cybersecurity laws is critical to protecting your company. But so is knowledge of the technical requirements that must be implemented. We partner with companies’ IT departments to make sure safeguards are “reasonable” under the applicable legal standard. We also defend companies that have experienced a breach by handling communications with the public, the attorney general, and others.
We’re Here to Protect Your Company’s Future
The state attorney general’s office has indicated a willingness to enforce the SHIELD Act and similar measures. Companies that are lax in their cybersecurity, even if there’s been no breach, could be fined. That may spell serious damage to your company’s bottom line and loss of reputation with the public. We can assist your business in complying with these and other legal requirements. Schedule a consultation with Rosenbaum & Taylor today.