New York SHIELD Act: Tips for Compliance

At the beginning of the year, we talked about the NYS SHIELD Act and the steps companies had to take to become compliant.  In the shuffle of recent events, the March 21st compliance date has come and gone for many without the proper actions in place.

The coupling of legal implications of non-compliance and the developing security vulnerabilities from the adaption of remote work, it’s important to take the time to evaluate if your organization is secure and SHIELD Act compliant.  To help, we want to:

  • Recap the SHIELD Act
  • Share Action Items: What You Can Do

Recap of the NYS SHIELD Act

To quickly recap the act, it’s New York State’s expansion on the previous data breach notification law, focusing around protecting personal data.  In the era data breaches and the abundance of personal information captured and stored by businesses, consumer privacy and data concerns have prompted multiple state and national regulations, including the ‘Stop Hacks and Improve Electronic Data Security Act’ (SHIELD Act).

Highlights of the act:

  • Broadens the definition of “private information” – now includes biometric information, account number, username or email address and password
  • Expands the definition of “breach”
  • Expands the jurisdictional reach and enforcement risk
  • Imposes data security requirements

For a complete breakdown of the act, read our guide “New York SHIELD Act: Everything You Need to Know” here. 

Action Items: What You Can Do

Hey, we get it.  It’s a weird time right now, having to adjust operations without missing a beat. While there’s a lot going on, from a different aspect, there’s now time to focus on priorities that get demoted on the to-do list in the typical day-to-day hustle.

There are a few action items that organizations can take in efforts to ensure compliance.

Put together a team. A requirement of the act is to assign one individual at the company to be responsible for and coordinate the program.  Empower the individual to begin open dialogue and begin outlining what your organization needs.

Prep before you plan. It’s tough to build a house if you don’t know what materials and equipment you have – or need.  The same applies to IT and security, it’s critical to understand the data you have and identify all security gaps. To get started, Brite recommends taking stock of your current environment and tools through an assessment. Luckily, we can help with our SHIELD Act Assessment.

IT and security are not one of those ‘set it and forget it’ kind of things.  Each need constant evaluation and evolution to stay up to date.  Take advantage of new calendar openings and the NYS SHIELD Act compliance deadline to jumpstart your security initiatives.  If at any point of the process you get stuck, our managed service team is here to help!