New York SHIELD Act Compliance
The most important point about the new NY SHIELD Act is that any business that holds the private information of a New York resident - regardless of whether that organization does business in New York - is required to comply, and fines can be hundreds of thousands of dollars.
On October 23, 2019, changes to New York’s data breach notification statute take effect, providing updated definitions and additional coverage.
New data security protections are effective on March 21, 2020.
SHIELD stands for the Stop Hacks and Improve Electronic Data Security Act; it was inspired by government and legal action against Equifax, which ultimately cost the company billions of dollars.
It requires companies to meet a reasonable security requirement: they must develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of private information, including, but not limited to, the disposal of that data.
There is also a new definition of private information - it now includes account numbers, credit and debit card numbers, biometric information, user name/password combinations and more.
Companies must designate an employee or service provider to help them stay secure.
If a cybersecurity incident occurs and affects more than five hundred New York residents, a written determination must be provided to the New York Attorney General within ten days after the determination is made.
The per-record breach fine is $20 and is capped at 12,500 records.
Reckless violations can cause a fine of up to $250,000.
The fine itself will likely be a small part of the cost of a breach. IBM research shows the average cost of a small business breach is $2.5 million. Typical breaches cause a loss of customers, lawsuits, business disruption and a lot more. We have sadly seen bankruptcy. The fine is an additional pain that must be endured. Also - cybersecurity insurance rates will likely increase dramatically as a result of a breach.
With so much at stake - companies can always benefit from a second opinion.
Apex Technology Services can help by providing IT consulting, cybersecurity and ongoing support services. We can help with establishing safeguards to protect the security, confidentiality, and integrity of private information. We work in the most demanding financial and medical environments imaginable - where the threats are constant.
We are happy to assist in keeping your business running securely.