Are you storing data and private information of New York residents? The state has enforced a breach notification law, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which updates the scope and requirements for protecting consumers’ sensitive information. To fulfill the requirements, you should have an information security program in place. Need help with that?

  •  What’s the name of the bill? 

Senate Bill S5575B (ACTIVE)

  •  Who does it apply to?

Companies that create or maintain information about New York residents. 

  • When?

Starting in October 2019, the complementary act on Identity Theft Prevention and Mitigating Services takes effect. It states that companies that suffer a breach involving Social Security numbers should provide the affected customers with additional benefits. The SHIELD Act comes into force on March 21, 2020, so you still have time to prepare. Ask UnderDefense Security Experts for advice.

  • What has changed? 

The definition of a breach was broadened to include cases in which an unauthorized person gains information. Learn more about vCISO support to prepare for the changes.

  • Is it similar to any other privacy laws?

Last year the GDPR (General Data Protection Regulation) came into force in Europe; it protects customers’ private data from disclosure. A large number of fines have already been issued for violating it:

📌British Airways £183 million 

📌Marriott around £99 million 

📌World Trade Center Bucharest £15 thousand.

UnderDefense advises that it’s better to check yourself before the breach happens and take proactive measures rather than pay fines.

The chart below shows how much companies in the USA paid after suffering a breach in 2019. According to the IBM and Ponemon study, the health and financial industries have been the most frequently breached and had the greatest difficulty retaining customers after they experienced noncompliance.

Source: IBM and the Ponemon Institute’s annual “Cost of a Data Breach” report

Coming back to SHIELD, a business that is regulated by and compliant with other data security regulations (e.g., HIPAA, NY DFS Reg 500, Gramm-Leach-Bliley Act) is not required to further notify affected New York residents. However, it still has to alert the New York attorney general, the New York State Department of State Division of Consumer Protection, and the New York State Division of the State Police. We are here to help you out if it gets too complicated.


New York state takes proactive measures to show the importance of privacy and data security.

Regardless of whether an organization does business in New York, it should comply with the SHIELD Act when it holds private information of a New York State resident.

To avoid being fined and losing clients’ trust, UnderDefense recommends reviewing your data breach prevention and response activities, building robust data protection programs, and investing in written information security programs (WISPs).

