New York SHIELD Act: Where Do I Begin?

CynergisTek is pleased to provide the second in our occasional series of articles on important topics that will impact organizations long-range planning and strategic approaches to managing information assurance.

For this edition of “Consider This….” we look at the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). The SHIELD Act updates and expands New York’s laws for breach notification requirements and the types of information that is protected from unauthorized disclosure. Beginning in October 2019, New York’s breach notification requirements will apply to any organization that controls or processes information of a resident, not just those that conduct business in New York State. Separately, all breaches of protected health information reported to the Office for Civil Rights must also be reported to the New York Attorney General.

The SHIELD Act also enacts stronger requirements for businesses to have data protection safeguards in place to protect information collected or maintained about consumers. Beginning in March 2020, the SHIELD Act sets minimum standards for administrative, technical, and physical safeguards that businesses may be required to implement through an information security program.



Request Free!