New York Introduces New Data Protection Legislation

Fisher Phillips

Citing a sixty percent increase in data breach notifications from 2015 to 2016, New York Attorney General Eric Schneiderman recently introduced the Stop Hacks and Improve Data Electronic Security Act (SHIELD) bill.  The legislation would require companies that handle sensitive date of New York residents to adopt “reasonable administrative, technical and physical protections for data.”

The proposed legislation would impose penalties of up to $5,000 per violation or $20 per each instance of failed notification, up to a maximum of $250,000.   Small businesses would have less rigorous requirements, and there is a proposed safe harbor for employers of all sizes who obtain independent certification that their data protection measures meet the highest standards.

Currently, New York only requires that businesses safeguards personal information if that information contains a social security number, and to be held liable under the law, businesses must conduct business in New York.  SHIELD would require that individuals be notified if sensitive personal information, such as social security number, biometric data, username/password combinations, and protected health data protected under HIPAA, is breached or stolen.  Failure to comply with the legislation could result in a civil suit and penalties under the General Business Law.  SHIELD will apply to companies operating outside the state if they handle the sensitive, personal data of New York residents.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fisher Phillips | Attorney Advertising

Written by:

Fisher Phillips

Fisher Phillips on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.