If you have private information belonging to a resident of New York State, the state’ new Stop Hacks and Improve Electronic Data Security (SHIELD) Act applies to you, whether or not you actually do business in the state. Signed into law on July 27, the SHIELD Act expands the state’s current data breach notification requirements and increases the penalties for breaches and failures to notify people of them.
The law now includes biometrics, as well as email addresses and their corresponding passwords or security questions and answers, in the state’s data breach notification requirements. It also updates notification requirements and procedures, expands the definition of a data breach to include unauthorized access to private information, and creates reasonable data security requirements tailored to the size of a business.
If you manage personally identifiable information of people who live in New York, you have until April 22, 2020 to prepare for it to take effect. Contact Xantrion for help implementing all the necessary security measures to keep you in compliance.