Is Your Business Ready for The New York Shield Act?

Rudy Grippo • Apr 28, 2023

On July 25, 2019, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act was signed into law, with companies required to comply with this no later than March 21, 2020.

SHIELD is designed to provide enhanced safeguards for consumer and business data. Any company, wherever you are (in the U.S. or abroad), that collects and processes data of New York citizens, needs to understand and get prepared for compliance with the conditions of this new data protection legislation.
In the event of a data breach, companies that have failed to comply fully with SHIELD could risk a $250,000 fine.

What does SHIELD mean for my business?

Despite layers of federal and state-level legislation to protect customer data, the SHIELD Act goes further and protects a much wider set of data categories. The State of New York has always been proactive when it comes to safeguarding data, with the Attorney General’s office responsible for issuing $600 million in fines for data breaches and non-compliance, as of August 2019.

Now under SHIELD , the definition of a data breach has expanded, and the amount of data companies need to safeguard has increased. Here is a summary of what this means:

SHIELD Compliance: More companies need to be compliant with this legislation. Even if you only have one customer in New York and you happened to be based in York, England, your company needs to adhere to the implementation of SHIELD.

What constitutes a data breach has expanded . Previously, it was only a data breach if customer data was taken by a third-party. Now under SHIELD, a data breach is when a third-party, or even an employee or contractor with no reason to review customer details, gains access. Even if nothing is taken, you need to notify everyone affected, and the AG’s office.

Increased scope under the protection of SHIELD.

As previously mentioned, the data categories have expended, so on-top of what currently needs to be made secure, the following fall within the scope of this new law:

  • Biometric information collected by facial recognition software, cameras, or apps;
  • Email addresses and passwords;
  • Security questions and answers;
  • Social Security numbers;
  • Driver’s license details, or non-drive ID card numbers, and details from those cards;
  • Bank account numbers, and any other payment details, including debit and credit card numbers, whether or not you also collect security or access codes (even if they’re collected by a third-party, such as a payment processor).

Sabre Integrated Solutions

Is your organization ready for the SHIELD Act?

If you haven’t heard of it or aren’t sure, now is the time to find out more. You could risk a $250,000 fine for non-compliance, and you need to be ready before March 21, 2020.

Protect your people

SHIELD means business. This is good news for customers, of course. But it does mean businesses need to work harder to verify and maintain compliance.

Data breaches and cyber-attacks

Data breaches and cyber-attacks happen every day. Millions of companies have been affected, and millions more may not be aware their systems have been attacked. The time it takes to discover a cyber attack is increasing. It’s getting more expensive to recover from a data breach.

Cybercriminals are getting smarter

More sophisticated viruses and social engineering attacks are being used to steal customer data. On the dark web, data is as precious as oil. SHIELD was created to provide more robust safeguards against a rising tide of security threats.

Every company needs to check their systems and processes are compliant, and if they aren’t, get solutions in place to make sure the data you collect is as safe as reasonably possible.

The State of New York recommends that businesses appoint one member of staff to conduct a risk assessment, or work with a trusted IT security partner, to verify compliance.

SHARE POST:

Clifford F Franklin

FOUNDER & CEO SABRE INTEGRATED SECURITY SYSTEMS, LLC

Clifford F Franklin has more than 40 years of experience in the security industry.

Leave A Comment

Search

Contact Sabre Integrated at 212.974.1700 or fill our the form below and we'll contact you.

Contact Us

Recent Posts

School & Campus Security Systems Insight

By Sabre Integrated 15 Aug, 2023
The sole purpose of educational facilities should be to create a favorable atmosphere for learning. To do this, a solid foundation of security must be established, which can be done by installing a thorough security system for campuses and schools from reputable school security companies.

Brivo and Eagle Eye Network Summit 2019: What We Found Out for You

By Rudy Grippo 28 Apr, 2023
In November 2019, we attended the second Brivo and Eagle Eye Network Summit in Austin, Texas. This is now becoming an annual chance to connect with fellow Brivo and Eagle Eye (EEN) partners and listen to some top security industry thought-leaders.

Celebrating 20 years as a commercial security provider in 2020

By Rudy Grippo 28 Apr, 2023
2020 is a big year.

3 Ways Video Surveillance is The First Line of Defense in Schools and Colleges

By Rudy Grippo 28 Apr, 2023
School security and teachers can’t be everywhere. Video surveillance fills a mission-critical security gap, making it easier for hallways, stairwells, elevators, cafeterias, playgrounds and other public spaces to be monitored.
Share by: