The New York Stop Hacks and Improve Electronic Data Security Act (or SHIELD Act) was signed into law in the summer of 2019. The SHIELD Act’s goal is to protect the data privacy of New York residents; it expands on previous breach notification requirements while adding cyber security safeguards. Compliance is key to protecting your business reputation, employees, and customers. Here are some common reasons businesses have for not complying with this new law:
"We don't store any information."
Under this law, a breach is defined as unauthorized acquisition of, or access to, the personal and private information of any NYS resident. This information includes basic employee and customer identifiers that you probably have, such as names, driver’s license numbers, and Social Security numbers.
"We don't accept credit card payments."
The Payment Card Industry Data Security Standard (PCI DSS) applies to businesses that handle credit card payments. The NY SHIELD Act is an entirely separate security law that aims to protect the data privacy of New Yorkers.
"My company isn't located in New York."
This mandate increases the number of precautions any business with New York customers or employees needs to take in order to safely maintain personal and private information, regardless of physical office location.
"We have cyber insurance."
Cyber insurance is a great thing to have. However, many policies do not cover future profit losses or the cost to upgrade your technology to prevent subsequent breaches. It also cannot repair the damage to your business reputation when you experience a breach due to NY SHIELD Act noncompliance. The best course of action is to do everything you can to avoid a breach in the first place.