New York’s SHIELD Act comes into force on March 21, 2020. More and more states are taking it upon themselves to create laws that protect consumers by issuing more rigid compliance regulations.
On July 25th, 2019, Andrew Cuomo, Governor of New York City, signed the Stop Hacks and Improve Electronic Data Security Act, aka SHIELD. The main goal of SHIELD is to protect customers while ensuring stricter compliance regulations for companies that collect data and information from its citizens.
The Act requires every company (in New York and other states) that has access to the personal information of consumers, and has even one customer in New York, to adopt a cybersecurity protocol or program. The Act will impact industries such as real estate, retail and a few service industries that were, until now, considered unregulated and were not required to comply with the cybersecurity requirement.
The Act covers a wider spectrum of businesses in New York
This act applies to any business that collects data from New York citizens and not just companies that conduct business in New York.
Security breach notification changes
Before the SHIELD Act, only those customers whose data was actively breached would get a notification. With the application of the SHIELD Act, the definition of a security breach includes even those customers whose data was simply accessed by an unauthorized party. This means more incidents and breaches will be brought to light.
SHIELD covers a larger set of personal information
The Act covers:
This allows more security breaches to be covered and a higher number of factors to be considered.
Businesses must start to comply within 240 days from when the Act was signed (by March 21, 2020)
Lawyers should not breach confidentiality of information. They must take steps to ensure client information is protected against unauthorized access.
Identify vulnerabilities and implement safeguard measures
Identify network weak points and foreseeable risks to data, and implement security measures to protect sensitive data. Consult a cybersecurity expert like CompCiti that can provide appropriate security measures and avoid unauthorized access.
Hire a CISO
Consider hiring a full-time, part-time or virtual Chief Information Security Officer (CISO), or a designated person, who conducts risk analysis and is responsible for reporting breaches to the New York State Attorney General’s Office and other oversight agencies.
Conduct a regular risk assessment
Regularly check for risks and vulnerabilities in your network and third-party systems.
Workshops and regularly educating employees
New and current employees should be given regular Cybersecurity workshops either during their onboarding or periodically.
Adopt a company-wide Cybersecurity Program
The company should adopt a cybersecurity program that is compliant with the SHIELD Act. If your company already has a program, it should be reviewed and updated to stay compliant with the SHIELD Act.
By August 2019, the New York State Attorney General’s Office had levied more than $600 million in fines related to security breaches based on then-existing statutes. With the SHIELD Act, the Office can seek up to $250,000 for violations by a company.
In the past few years, CompCiti has helped many small and mid-size firms in and around New York to update and manage their cybersecurity programs. CompCiti helps businesses reduce cybersecurity risks and comply with government regulations. Along with administrative, technical and proactive measures, CompCiti provides a set of steps to ensure proper compliance and risk management, including simple yet crucial steps such as data mapping, penetration testing and risk assessment. CompCiti also offers a virtual CISO service, through which businesses can hire a CISO on a part-time basis to develop and enforce a cybersecurity program.