Expert On New York’s Shield Act

By   ISBuzz Team
Writer , Information Security Buzz | Mar 24, 2020 04:04 am PST

A major provision of New York’s Shield Act has just gone into effect that broadens the scope of consumer privacy and data security protection and goes much further that other current data privacy laws.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Dov Goldman
Dov Goldman , Director of Risk & Compliance
March 24, 2020 12:05 pm

It\’s natural to compare the NY Shield Act to CCPA and GDPR. Like CCPA, the Shield Act includes biometric data in its purview. Like GDPR, the Shield Act broadly defines coverage to be any company having data of residents in its geographic scope. Unlike either of these earlier privacy regulations, however, the Shield Act mandates a \”reasonable security\” program, and goes on to define quite specifically what that means. It includes identifying external risks and implementing a vendor cybersecurity due diligence program that ensures providers are able to maintain safeguards. The Shield Act departs significantly from CCPA and GDPR by mandating notification for \”unauthorized access to private information,\” where the other laws only require it when there is an actual breach. But where NY Shield Act may have its greatest impact is the enforcement authority it empowers: the NYS Attorney General. NY\’s chief legal office has a history of aggressive legal action, and for this reason, companies that are \”in scope\” for this very well-crafted new privacy law will be well advised to pay attention!

Last edited 3 years ago by Dov Goldman

Recent Posts

Would love your thoughts, please comment.x