I recently read the Privacy & Cybersecurity Brief From Lowenstein and decided to provide a high level overview of the information that was in it regaurding the NY State SHIELD Act.
New York on Verge of Passing Landmark Data Security Legislation
- This new legislation is called SHIELD(Stop Hacks & Improve Electronic Data Security) and would apply to any person or entity that processes the personal info of a NY state resident, even if the person or entity is not in NY.
- The Act would broaden the definition of protected data to include biometric data, email, password or security questions and answers.
- The Act would expand the definition of data breach to include unauthorized access to private information.
- If an individual or company were to fail to comply with therequirements of the act, there could be a fine as high as $5,000 per violation or $20 per notification failure, which could get as high as a $250,000 fine.
Entities can show compliance with the act by demonstrating compliance with GLBA, HIPAA and other NY state data security regulations
I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually ‘Nothing; you’re screwed’.Bruce Schneier