How to comply with the SHIELD Act?
Are you storing data and private information of New York residents? New York State has enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, a breach notification law that updates the scope and requirements for protecting consumers' sensitive information. To fulfill those requirements you should have an information security program in place. Need help with that?
- What’s the name of the bill?
- Who does it apply to?
Companies that create or maintain private information about New York residents.
Starting in October 2019, the complementary provisions on identity theft prevention and mitigation services take effect. They state that companies that suffered a breach involving Social Security numbers must provide the affected customers with additional services. The SHIELD Act itself comes into force on March 21, 2020, so you still have time to prepare. Ask UnderDefense security experts for advice.
- What has changed?
The definition of a breach was broadened to include cases in which an unauthorized person gains access to private information, not only cases in which the information is acquired. Learn more about vCISO support to get prepared for the changes.
- Is it similar to any other privacy laws?
Last year the GDPR (General Data Protection Regulation) came into effect in Europe, protecting customers' private data from disclosure. Large fines have already been issued for violations:
📌 British Airways: £183 million
📌 Marriott: around £99 million
📌 World Trade Center Bucharest: £15 thousand
UnderDefense advises that it is better to check yourself before a breach happens and take proactive measures rather than pay fines.
The chart below shows how much companies paid after suffering a breach in the USA in 2019. According to the IBM and Ponemon study, the health and financial industries were breached most often and had the greatest difficulty retaining customers after noncompliance came to light.
Source: IBM and the Ponemon Institute’s annual “Cost of a Data Breach” report
Coming back to SHIELD, a business that is regulated by, and compliant with, another data security framework (e.g., HIPAA, NY DFS Reg 500, the Gramm-Leach-Bliley Act) is not required to separately notify affected New York residents. However, it still has to alert the New York Attorney General, the New York State Department of State Division of Consumer Protection, and the New York State Division of the State Police. We are here to help you out if it gets too complicated.
New York State is taking proactive measures to show the importance of privacy and data security.
Regardless of whether an organization does business in New York, it must comply with the SHIELD Act if it holds private information of a New York State resident.
To avoid fines and the loss of clients' trust, UnderDefense recommends reviewing your data breach prevention and response activities, building robust data protection programs, and investing in written information security programs (WISPs).
Get the Help You Need
Cybersecurity is our core expertise. Let's get in touch, and you will learn more about how UnderDefense can benefit your organization.