The New York SHIELD Act: What businesses need to know
Lori Mentel | Strategic Account Executive
Worms, viruses, ransomware, bitcoin, CryptoLocker, Bad Rabbit… the list goes on and on. The state of our cyber footprint is under attack and it makes us all WannaCry!
As a provider of IT solutions, I’ve observed a lot of events over the past few years that have really opened my eyes and, quite frankly, it makes me afraid of what is to come.
I’m sure many of you feel the same way I do. That’s why we at TERACAI have done some pretty extensive research on the New York SHIELD Act and there are some things we want you to understand about it.
What is the New York SHIELD Act?
It used to be simpler to cover the bases when raising children and teaching them safety lessons: don’t talk to strangers, look both ways before you cross the street, call when you get there, don’t text and drive. Pretty basic stuff.
Now we have to worry that the bad guys are able to hack into our home security systems and watch us and our children. Having to check to see if your five year-old’s credit score has been compromised… what???
With these concerns in mind, a lot more legislation has been proposed and ratified recently. Included in this is the recently passed New York SHIELD Act.
Officially titled the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, it was passed into law in July 2019 and will go into effect March 21, 2020. The criminals are working at warp speed and those of us in the security industry are running a thousand miles an hour to try to keep up. IT security solution providers are increasingly being tasked with the neverending objective of protecting our client data and intellectual property.
The SHIELD Act is a game-changer for any company that holds NYS residents’ or companies’ information. Prior to the SHIELD Act, a breach was defined as unauthorized acquisition of private information. Now, mere unauthorized viewing of private information is considered a breach, whether or not the information is transferred out of the care of its custodian.
What does your business need to know about the SHIELD Act?
According to The National Law Review, “The law broadly requires that ‘any person or business’ that owns or licenses computerized data which includes private information of a New York resident ‘shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information, including, but not limited to, the disposal of data.’”
Private information, the definition of which is now greatly expanded, includes any individually identifiable information such as name, number, or other identifier along with one or more of the following:
- Social security number
- Driver’s license number or non-driver identification card number
- Account number, credit, or debit card number
- Security code, access code, or any info that would permit access to an individual’s financial account
- Biometric information, such as a fingerprint, voice print, retina or iris image, or other unique physical or digital identity representation
- A user name or e-mail address in combination with a password or security question and answer
What happens if your business doesn’t comply with the SHIELD Act?
Failure to comply with the new law could result in fines up to $5,000 per violation. That certainly seems like a steep punishment, especially when the scope of a potential violation seems so broad.
While this may seem extreme, or just another thing business leaders have to worry about, it is definitely an issue we in the technology industry need to address.
With so many external threats to our business data and personal information, now more than ever it’s imperative to have a strong security stance. Be sure to engage a partner with expertise to help you strengthen your security portfolio from top to bottom, and be in full compliance with the SHIELD Act.
TERACAI recently had an event with our security partner, Arctic Wolf, that covered the NY SHIELD Act.
Download the slides to that presentation here.