The Stop Hacks and Improve Electronic Data Security Handling (SHIELD) Act, which is expected to pass shortly in the New York State Senate, would update the state’s data breach notification law to cover more personal information and compel firms to disclose ransomware infections and more. The legislation would also extend to any business that holds sensitive data of New York residents, rather than only firms that do business in the state.
"[NY's] Stop Hacks and Improve Electronic Data Security Handling (SHIELD) Act also would cover any business that holds sensitive data of NY residents, rather than only firms that do business in state. It’s an important detail cribbed from the EU’s #GDPR:" https://t.co/aBh9nXg48O
— Center for Democracy & Technology (@CenDemTech) May 31, 2019
“New York will be taking more than a page from the EU’s GDPR if it passes the SHIELD Act this week. The law would apply to any person or company, regardless of their location, that has the private information of a New York resident. Businesses should start preparing for the inevitable passage of more such laws by putting together a data security program with a dedicated program coordinator and drawing up contracts that require third parties to have strong security measures in place. If your business has a website or mobile app that can be accessed by NY residents and, like most digital assets these days, that collects information from users, you will need to ensure that you and your third parties, who run more than half the code on your website and app, have robust security defenses to prevent a data breach. Now is not the time to take a wait-and-see approach.”
Dov Goldman, Director of Risk & Compliance at Panorays:
“NY has a new privacy law in the works, and it is likely to have a tremendous impact. Despite the cumbersome name for the prospective legislation, the “Stop Hacks and Improve Electronic Data Security Handling” act (also called “SHIELD,” which is probably the moniker most will use), will effect change on a national and perhaps even international level. NY regulates thousands of financial service firms that are headquartered or just have a presence in the state. The new law will likely apply to many more companies, as SHIELD will require a business that has been breached to notify impacted NY residents, whether or not the business is located in the state. In this regard, SHIELD may be to the US what GDPR has been for Europe. NY’s DFS Part 500, a previous regulation of cybersecurity in the financial services space, is widely respected as a clear and well-designed guideline. If SHIELD is equally effectively structured, it could become a model for future privacy regulations from other US states.”