New York state’s SHIELD Act goes into effect on March 21, 2020. It stands for Stop Hacks and Improve Electronic Data Security and requires companies to adopt security programs to reduce the risk of data breaches.
The SHIELD Act applies to any person or business that owns or licenses computerized data containing the private information of New York residents, including biometric data, unsecured health information, financial account numbers, and email addresses together with their corresponding passwords or security questions and answers. Even small businesses (under $3 million in revenue and fewer than 50 employees) are required to comply, albeit under less stringent standards. This potentially impacts all New York businesses, as well as businesses in other states that have access to data of New York residents.
The SHIELD Act requires businesses to develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of New York residents' data by implementing administrative, technical, and physical safeguards, such as:
- Scanning for Vulnerabilities
- Implementing Access Controls
- Enacting Cyber Training
- Reviewing How Private Information is Stored / Disposed of
In order to demonstrate compliance, companies can rely on the criteria established by NIST (the National Institute of Standards and Technology), which is widely considered the gold standard for security and privacy guidelines. The SHIELD Act will be enforced by the office of the NYS Attorney General.
Sandwire’s compliance division, ComplyRely, is NIST-ready and can provide the documentation and guidance needed to protect your company. If you are unsure whether your business complies with these new regulations, please contact us so we can review your IT hardware, systems, and processes. ComplyRely provides services for the NY SHIELD Act/NIST, GDPR, cyber insurance, and HIPAA.