Advantage Helps Your Business Comply With The New York SHIELD Act
- Does your business store or transmit the personal information of people residing in New York State?
- Do you have concerns about compliance with new data privacy laws?
- Do you need help securing the personal information of your clients and employees?
Since the introduction of the EU’s GDPR and the California Consumer Privacy Act, governments and regulators have enacted several new data protection laws following a similar theme. New York State is the latest legislature to enact its own privacy regulations, the Stop Hacks and Improve Electronic Data Security Act (New York State SHIELD Act). The act seeks to reduce the number of cases in which the personal data of New York residents is compromised.
What Is SHIELD and Why Did New York Enact It?
Forbes.com claims that the first half of 2019 saw more than 3,800 reported data breaches, exposing over four billion personal email addresses and passwords. The New York State SHIELD Act places stringent requirements on companies that hold New York State residents’ personal information. Privacy violations resulting from non-compliance with the law could lead to up to $250,000 in fines, depending on breach severity. The NY SHIELD Act is an update to the NY State Information and Security Breach and Notification Act (NYDFS) and introduces several significant amendments, including:
- Expanded definition of private data
- Expanded definitions of a data breach
- Extension of territorial scope
- Mandatory safeguards
- Extension of the violation action period
How to Ensure Your Business Complies With the New York State SHIELD Act
Your compliance with the SHIELD Act’s data security requirements relies on your implementation of an adequate data security program. The program must include “reasonable” administrative, technical, and physical safeguards.
The administrative safeguards focus primarily on how capably your business can manage the physical and technical safeguards outlined below. This makes compliance with the law a cyclic process. The administrative safeguards are:
- Designating employees to manage your security program
- Identifying internal and external risks
- Assessing your existing privacy safeguards to mitigate the risks
- Training your employees in security practices and procedures
- Choosing a service provider to maintain the necessary safeguards
- Adjusting your security in line with changes or new business circumstances
The NY SHIELD technical safeguards focus on the technology that your business uses to offer content or provide services to customers and how it processes and stores personal data. These safeguards specifically ensure that electronic information does not fall into the hands of an unauthorized user. The technical safeguards you should take include:
- Assessment of software and network design risks
- Assessment of data processing, transmission, and storage risks
- Prevention, detection, and response to system failures
- Regular testing of the effectiveness of data privacy systems, procedures, and controls
Physical safeguards are concerned with tangible storage and the disposal of customer records. Similar to the other safeguards, physical safeguards require you to carry out constant monitoring for unauthorized intrusions. The physical safeguards you need to implement are:
- Assessment of data storage and disposal risks
- Prevention, detection, and response to intrusions
- Protection of private information during and after collecting, transporting, and disposing of the data
- Proper disposal of private customer information once you no longer need it, in a way that it can no longer be reconstructed or read
How Advantage Technologies Can Help You Achieve Compliance With NY SHIELD Regulations
At Advantage Technologies, we provide businesses with cybersecurity, technology consulting, and ongoing IT support. We can help you establish the safeguards necessary to protect the integrity, security, and confidentiality of users’ private information. Do not risk the hefty penalties for violating the New York State SHIELD Act – talk to us today about compliance with this important legislation.