NY SHIELD Act - Are You Ready To Comply?

Bond Schoeneck & King PLLC
Contact

Bond Schoeneck & King PLLC

As you likely already know, on July 25, 2019, Governor Cuomo signed into law the New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD” or “the Act”). Imbedded in the dense text of the Act are upcoming deadlines of which many New York organizations are possibly unaware. Below are significant deadlines to be prepared for if your entity is covered by the Act:

  1. By October 23, 2019, any organization collecting and/or processing New York resident data must be prepared to comply with the heightened breach notification requirements outlined by the Act. This includes organizations/entities that are already heavily regulated by NYS DFS, HIPAA, HITECH, GLBA, and “any other data security rules and regulations” of the Federal or New York State government. While SHIELD certainly does not require duplication in notification requirements for these aforementioned organizations, it does impose state agency notification to be provided to the NYS Attorney General, State Police and Secretary of State.
  2. By February 19, 2020 (120 days from Effective Date) State Entities as defined by New York Technology Law § 208 (1)(c)(2) must have a Breach Notification policy in place, and be prepared to implement the plan should an incident or breach occur. As an alternative, such State Entity may adopt a local law consistent with the breach notification requirements set forth in Section 899-aa.
  3. By March 21 2020, any organization collecting and/or processing New York resident data must be in full compliance with the electronic and physical security controls outlined in the Act and detailed in the two previous information memos circulated by Bond in August of this year. 

Links to both memos can be found here and here

Affected organizations and individuals (i.e., anyone who possesses a wide range of electronic data related to New York residents, including login and password combinations, payment and account information, biometric data etc.) are encouraged to take steps now to ensure compliance by the applicable deadlines.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bond Schoeneck & King PLLC | Attorney Advertising

Written by:

Bond Schoeneck & King PLLC
Contact
more
less

Bond Schoeneck & King PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.