The “Stop Hacks and Improve Electronic Data Security Act” (aka the SHIELD Act) was signed into law in July 2019 and takes full effect on March 21, 2020. This law has several parts.

First, it broadens the definition of what data must be protected to include “private information” in addition to “personal information”. This sounds insignificant, but it has big implications, which we’ll discuss in a future video.

SHIELD also broadens the definition of the term “Breach” to include unauthorized “access” to the data. Previously, NY laws considered it a breach only if data was copied or exfiltrated. And thirdly, SHIELD mandates that businesses that collect private information on New York State residents must implement reasonable cybersecurity safeguards to protect that information.

The law describes the framework for these cyber security programs, which include implementing cyber security best practices similar to the ones other regulations require. Note that there is some flexibility in the law for smaller businesses to implement their cyber security program in a way that is appropriate to the amount and sensitivity of the data that the business handles.

Fines for noncompliance with the law can be as high as $5000 per violation, up to $250,000 total.

While implementing SHIELD may feel like a burden for many businesses, it’s good to remember that this law was created for a reason.

Cyber security attacks have been increasing drastically year over year. As a result, more data is being stolen today than ever before, and millions of individuals are being personally affected.

New York State is the fourth state to adopt these kinds of regulations to help protect its residents from becoming the victims of a cyber security attack. Many other states are currently considering similar legislation.

The only reasonable way to protect the sensitive data that your company collects is to implement cyber security best practices.

