New York’s SHIELD Act, New Data Breach Legislation

New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act is a data breach notification law that amends previous laws of a similar nature in the state of New York and imposes further restrictions and data security requirements on companies that collect information from New York residents. The SHIELD Act was introduced and ultimately passed in March 2020 in response to a report conducted by the office of New York State Attorney General Eric T. Schneiderman that showed the state of New York experienced a 60% increase in data breaches in 2016. By placing additional requirements on companies that process the personal information of New York state consumers, the SHIELD Act seeks to broaden the scope of consumer privacy and better protect New York consumers from breaches of their personal information.

Under the SHIELD Act, personal information can mean either of the following:

What are the SHIELD Act’s requirements?

The SHIELD Act introduces significant changes to existing General Business Law 899aa including:

How do business entities maintain compliance with the SHIELD Act?

Business entities are considered to be in compliance with the SHIELD Act if they implement reasonable safeguards to prevent the leaking of a consumer’s personal data or information. This includes administrative, physical, and technical safeguards, and the law offers the following means of enacting these safeguards and, in turn, ensuring compliance:

What are the penalties for violating the SHIELD Act?

Business entities that fail to maintain compliance with the SHIELD Act are subject to civil penalties totaling $5,000 per violation. What’s more, businesses and companies are also subject to a $250,000 fine for not properly notifying the appropriate authorities in cases where data breaches occur. The SHIELD Act makes exceptions for small businesses that employ fewer than 50 people and generate less than 3 million in yearly revenue, but these businesses are still required to implement security measures in accordance with the size and scope of their operations. All violations of the SHIELD Act are considered to be deceptive business practices and are enforced by the New York Attorney General.

New York State’s SHIELD Act is one of the many online data privacy laws to be passed within the U.S. in recent years. As the personal information of consumers is being collected via the internet more than ever before, state legislation such as the SHIELD Act is growing increasingly necessary across the country. While the U.S. has yet to pass a federal-level general consumer data privacy law, such legislation is undoubtedly on the horizon. With the SHIELD Act, New York state consumers are one step closer to having their personal information and data protected at all times when using the internet.