In July 2019, the New York State Senate passed the “Stop Hacks and Improve Electronic Data Security” (SHIELD) Act to increase cybersecurity protections. The law applies to any person or business operating in New York in connection with owning or licensing electronic personal private data. Companies are required to have safeguards in place to protect the private information of New York residents. Any business with a New York presence is required to comply, regardless of whether the business has physical operations within the state. What does this mean for you? If your company is conducting business that handles private information within New York, or maintains private information of New York residents, the SHIELD Act will be applicable to you!
This law will have a greater impact on some industries, such as real estate, retail, technology, and other service industries. For example, a mid-size real estate management company based in New York that maintains tenant information of New York residents is now required to implement a cybersecurity program to protect the personal data of those tenants. Similarly, a New York real estate developer that has employee information would also likely be included under the requirements of the SHIELD Act.
Private information can be any of the following: social security number, driver’s license number, credit or debit card number, financial account number, biometric information or a username/email with a password that grants access to an online account. Essentially, it is any type of information that can aid in the identification of an individual or business.
Withum’s Cyber and Information Security Services are designed to support anyone (e.g. individuals, family-run offices, commercial companies operating within regulated and non-regulated industries). Withum has the expertise and the latest technology in risk identification, determining protection levels of critical assets (such as a New Yorker’s “private information”), independently validating the effectiveness of an organization’s privacy and security controls, and providing real-time active and passive intrusion detection (e.g. with internal employees and/or external hackers). We can help you assess whether your current policies and security program comply with the SHIELD Act and assist you in implementing additional safeguards to comply with the new rules, including the implementation of active data privacy, regulatory, and security monitoring tools that will not only help ensure real-time and/or passive compliance but can also provide daily, weekly and/or monthly metrics for the C-Suite / Senior Executive Leadership to independently validate your organization’s effectiveness in complying with the NY SHIELD Act, as well as other business requirements.