SHIELD ACT Compliance Resource Center

Did you know that the SHIELD Act has “extraterritorial application”? That means it covers all employers, individuals, or organizations, regardless of location, that collect private information on New York residents. Businesses were required to have a formal plan for compliance by March 2020.

 

 

The SHIELD Act requires companies to implement and maintain reasonable security measures. Affected businesses must deploy safeguards to protect the security, confidentiality, and integrity of private information of New York residents including, but not limited to, secure disposal of data. The SHIELD Act introduces significant changes including.

As before the SHIELD Act, there are no exceptions for small businesses in the breach notification rule. A small business that experiences a data breach affecting the private information of New York residents must notify the affected persons. 

Businesses in New York State have two options to meet the requirements of the SHIELD Act. They can either do it in-house or outsource the task to a managed service provider that specializes in cybersecurity for New York small businesses.

Frequently Asked Questions:

How to comply with the SHIELD Act?

Businesses in New York State have two options to meet the requirements of the SHIELD Act. They can either do it in-house or outsource the task to a managed service provider that specializes in cybersecurity for New York small businesses.

How is personal information defined in the SHIELD Act?

The SHIELD Act defines personal information as any information concerning a natural person which, because of name, number, personal mark, or identifier, can be used to identify them.

 

What are the penalties for failing to comply with the SHIELD Act?

If your organization fails to implement a compliant information security program, it can result in injunctive relief and civil penalties of up to $5,000 per violation.

If a cybersecurity incident does occur and involves the private information of more than 500 New York residents, a written notice must be provided to the New York Attorney General within ten days after the determination. Businesses that fail to comply with this breach notification requirement can be held liable for the “actual costs or losses incurred by a person entitled to notice.”

Are there any exceptions for small businesses?

There are no exceptions for small businesses in the breach notification rule. A small business that experiences a data breach affecting the private information of New York residents must notify the affected persons.

When did the SHIELD Act become effective?

The SHIELD Act had two effective dates:

  • October 23, 2019 – Changes to the existing breach notification rules
  • March 21, 2020 – Data security requirements

How can security awareness training help your business comply with the SHIELD Act?

The purpose of security awareness training is to train employees on security practices because software alone often isn’t enough to thwart cyberattacks and prevent data breaches.

High-quality cybersecurity training should include several areas of security awareness and practice, including email phishing testing and education, social engineering defense, and practice exercises.

Article

UHS Hit With Massive Ransomware Attack

SHIELD Act Compliance: The Definitive Guide for New York Businesses 

The New York Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, was enacted on July 25th, 2019, as an amendment to the New York State Information Security Breach and Notification Act.

 

Compliance Guide

New York SHIELD Act Compliance Guide

As the number of remote employees increases, so do the cybersecurity risks facing their companies. This guide and checklist provides a high-level framework for protecting against the cybersecurity threats facing them.

Article


How Security Awareness Training Can Help your Business Comply with the SHIELD ACT.

Is your business complying with the NY SHIELD Act? Security awareness training can help NY businesses ensure that employees understand compliance.

Cheatsheet

New York SHIELD Act Compliance Cheatsheet

 Audit your current environment to determine what data you have that would meet the standard of “private information of a New York Resident”. Then begin to enact an action plan for compliance.
