New York SHIELD Act Requires Safeguards to Protect Private Information

    We are here for you!

    The Stop Hacks and Improve Electronic Data Security Act – also known as the NYS SHIELD Act took effect on March 21, 2020, and most New York State employers must comply.*

    What is the New York SHIELD Act?

    The New York SHIELD Act is an amendment to New York’s data breach notification law. First signed into law on July 25, 2019, it covers breaches of certain personally-identifiable computerized data or Private Information data. It also imposes data security requirements on businesses that own or lease Private Information of New York residents, regardless if they do business in New York State. There are potential civil penalties for not complying with the law.

    What is required under The New York SHIELD Act?

    The data security requirements of The New York SHIELD Act requires businesses that own or license private information of New York residents to implement certain protections, such as:

    Reasonable administrative safeguards include the following:

    • Designating one or more employees to coordinate the security program identifying reasonably foreseeable internal and external risks.
    • Assessing the sufficiency of safeguards in place to control the identified risks.
    • Training and managing employees in the security program practices and procedures.
    • Selecting service providers capable of maintaining appropriate safeguards, requiring those safeguards by contract.
    • Adjusting the security program in light of business changes or new circumstances.

    Reasonable technical safeguards include the following:

    • Assessing risks in network and software design.
    • Assessing risks in information processing, transmission, and storage.
    • Detecting, preventing, and responding to attacks or system failures.
    • Regularly testing and monitoring the effectiveness of key controls, systems, and procedures.

    Reasonable physical safeguards include the following:

    • Assessing the risks of information storage and disposal.
    • Detecting, preventing, and responding to intrusions.
    • Protecting against unauthorized access to or use of private information during or after the collection, transportation, and destruction or disposal of the information.
    • Disposing of private information within a reasonable amount of time after it is no longer needed for business purposes by erasing electronic media so that the information cannot be read or reconstructed.

    Want to learn more about The NYS SHIELD Act?

    for a no-obligation phone call

    Does the NYS SHIELD Act apply to your business?

    Yes, you need to be in compliance with the New York SHIELD Act law right now If your business possesses computerized data and the private information of New Yorkers.

        Ask The CTO

        Whawenst DuvetChief Technology Officer

        Ask The CTO

        Welcome to the Ask The CTO series.

        Dealing with technical issues and not sure what to do?

        Do you have technical questions that you would like to discuss and get answered?

        Schedule a call with our CTO -  As part of his job is to examine the short- and long-term needs of our clients and find the best solution that fits their needs. His goal is to help companies make the best decisions to reach their company objective and goals.

          How it worksGet an IT Solutions Quote

          Please call us at 1.646.681.4848 or complete the form. One of our engineers will contact you shortly.

          Choose Your Plan

          If we're the right fit, you'll choose the IT service agreement that works best for your organization.

          Let's Talk

          We'll chat about your business, how you use technology, and what you want to get out of IT.

          Start Your IT Experience

          Within days, you'll be experiencing IT like never before.

          How many people work for your Organization?