What New Orleans Businesses Need To Know About The NY SHIELD Act

When New York Governor Andrew Cuomo signed into law the NY SHIELD Act on July 25, 2019, he improved consumer privacy protections. Every business needs to understand the law and implement proper security improvements because of its wide-ranging protections.

Officially known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, the law upgrades the protection of consumers’ personal and private information and increases the consequences for legal violations. Although laws already exist at the federal and state level, SHIELD strengthens them.

The SHIELD law covers three major prongs of business privacy and security requirements. These include:

  • Applying the law to every business with customers in NY. The requirements for data security and notifications of an information hack apply to businesses collecting private data from residents of NY.
  • An expanded definition of a security breach, also known as a hack. As the law defines a breach, illegal access to a consumer’s information, even without active acquisition, requires consumer notification.
  • The new law protects more types of personal information, including biometrics.

The specifics each U.S. or foreign business must adhere to include increased security levels and detailed response plans. Here’s what you need to know.

The SHIELD Act Mandates

  • NY now requires an increased level of data security, protection, and protocols for dealing with hacks. These specifically include consumer notification requirements and apply to any business that collects personal data from a consumer in NY.
  • Its redefinition of security breach means that when any unauthorized party accesses consumer personal data of any type, the company must notify the consumer of the information hack.
  • The expanded definition of personal information includes biometric data regardless of whether its collection stems from hardware or software. Biometric data includes facial recognition, fingerprints, corneal scans, and other means of biometric identity. Personal information continues to refer to other identifying information, including, but not limited to, email addresses, security questions and responses, passwords, Social Security numbers, driver’s license data, state or military ID card numbers, plus banking, credit card, and debit account numbers and access codes.
  • NY state provided a deadline of March 21, 2020, to update security protocols for businesses with customers in NY. By August 2019, businesses had already amassed fines of more than $600 million for legal violations. Under the law, the NY Attorney General can levy fines of up to $250,000 per business for a violation.

How BIOS Technologies Can Help

Businesses with customers in NY should have already updated their security measures, but if you have not, get started by contacting BIOS Technologies of New Orleans. Our Louisiana information technology firm has helped numerous businesses update business processes, procedures, and protocols and author appropriate business continuity and disaster response and recovery plans that specifically cover hacks and information breaches. Increasing your computer security protects your company as well as consumers.

BIOS offers managed security services to create better security, implement it, then monitor your systems to stop potential breaches before they reach any personal data. Our IT services include cloud-managed services that increase security as well as security programs that protect your systems from Trojans, ransomware, etc. We also install security programs to protect your emails, conduct data backups, and provide general network and computer security as well as business continuity and disaster-recovery planning.

Legal Requirements and Penalties

Although the SHIELD law leaves how security is handled up to each business, it requires you to “implement reasonable safeguards” to protect personal information and access to it. It stipulates that you contract with vendors that also use strict security measures and protections.

Each company must designate a security program coordinator (SPC), who administers risk assessments, authors security plans, implements them, and reports hacks and unauthorized access to the NY Attorney General and other appropriate agencies. Companies must turn their security risk assessment process into living procedures and their plans into living documents.

Contact BIOS today to begin better protecting your business and customers. Let us help you meet the SHIELD law requirements.
