What is the New York SHIELD Act?
Who is subject to the Act?
When is the deadline for compliance?
There are a lot of questions out there about the New York SHIELD Act and not a lot of information being communicated to business owners. To my knowledge, no State agency is sending notices to business owners and there’s not been a lot of news about the SHIELD Act in the business press either. So that leads me to believe that a lot of business owners will not know that this regulation goes into effect on March 21, 2020! Yes, just a few short weeks away.
This video will explain some of the details further:
Just about every employer in NY is subject to the law, and any business doing business with a resident of New York is also subject to the law if they collect and maintain private data on those customers. Private data includes a record holder’s name, social security number, driver’s license number, credit or debit card info, and so forth. That’s a huge swath of people you employ or do business with.
How do you become compliant with the NY SHIELD Act?
Your firm must implement and maintain a “data security program” or have “reasonable security controls” in place. What are reasonable security controls? Or a Data Security Program?
The law does not specifically indicate what those phrases mean, but your IT professional or legal counsel can help sort that out. Below, we’re including in this post a Cyber Security Planning Guide which should help you formulate your action plan for compliance.
In addition, some cyber policies do provide some of the pre-breach services which may help you gain compliance.
Finally, it’s important to understand that the SHIELD Act is a pretty aggressive piece of legislation. Failure to comply with it can result in significant fines and penalties. Here’s a link to the legislation
The Act also broadens the definition of what a security breach is, and what will require notification of affected record holders. Notification is a key provision of a cyber policy so if you haven’t purchased cyber coverage NOW is the time to do so. Cyber insurance can be a very significant and necessary resource should your firm be hacked.
Let us show you how easy and affordable cyber can be and contact us today!