New York State’s SHIELD Act goes into effect on March 21, 2020. SHIELD stands for Stop Hacks and Improve Electronic Data Security, and the act requires companies to adopt security programs to reduce the risk of data breaches.
The SHIELD Act applies to any person or business that owns or licenses computerized data that includes private information of New York residents, including biometric data, unsecured health information, financial account numbers, and email addresses along with corresponding passwords or security questions and answers. Even small businesses (under $3 million in revenue and fewer than 50 employees) are required to comply, albeit with less stringent standards. This potentially impacts all New York businesses, as well as businesses in other states that have access to data of New York residents.
The SHIELD Act requires businesses to develop, implement and maintain “reasonable safeguards to protect the security, confidentiality and integrity” of New York residents’ data by implementing administrative, technical and physical safeguards, such as:
- Scanning for Vulnerabilities
- Implementing Access Controls
- Enacting Cyber Training
- Reviewing How Private Information is Stored / Disposed of
To prove compliance, companies can call upon the criteria established by NIST (the National Institute of Standards and Technology), which is considered a gold standard in security and privacy guidelines. The SHIELD Act will be enforced by the office of the NYS Attorney General.
Sandwire’s compliance division, ComplyRely, is NIST-ready and can provide documentation and guidance to protect your company. If you are unsure whether your business complies with these new regulations, please contact us so we can review your IT hardware, systems and processes. ComplyRely provides services for the NY SHIELD Act/NIST, GDPR, CyberInsurance and HIPAA. Call us at (516) 861-3000 and ask for Karen Perry to learn more.