NY State SHIELD Act

I recently read the Privacy & Cybersecurity Brief From Lowenstein and decided to provide a high level overview of the information that was in it regaurding the NY State SHIELD Act.

New York on Verge of Passing Landmark Data Security Legislation

  • This new legislation is called SHIELD(Stop Hacks & Improve Electronic Data Security) and would apply to any person or entity that processes the personal info of a NY state resident, even if the person or entity is not in NY.
  • The Act would broaden the definition of protected data to include biometric data, email, password or security questions and answers.
  • The Act would expand the definition of data breach to include unauthorized access to private information.
  • If an individual or company were to fail to comply with therequirements of the act, there could be a fine as high as $5,000 per violation or $20 per notification failure, which could get as high as a $250,000 fine.

Entities can show compliance with the act by demonstrating compliance with GLBA, HIPAA and other NY state data security regulations

I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually ‘Nothing; you’re screwed’.

Bruce Schneier

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s