How to comply with SHIELD Act?
Are you storing data and private information of New York residents? The state has enacted the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, a breach notification law that updates the scope and requirements for protecting consumers’ sensitive information. To fulfill these requirements you should have an information security program in place. Need help with that?
- What’s the name of the bill?
- Who does it apply to?
Companies that create or maintain private information about New York residents.
Starting in October 2019, the complementary Identity Theft Prevention and Mitigation Services act takes effect. It states that companies that suffered a breach involving Social Security numbers must provide the affected customers with additional benefits. The SHIELD Act comes into force on March 21, 2020, so you still have time to prepare. Ask UnderDefense Security Experts for advice.
- What has changed?
The definition of a breach was broadened to include cases in which an unauthorized person gains access to information. Learn more about vCISO support to get prepared for the changes.
Is it similar to any other privacy laws?
Last year the GDPR (General Data Protection Regulation) came into effect in Europe, protecting customers’ private data from disclosure. Large fines have already been issued for violating it:
📌British Airways £183 million
📌Marriott around £99 million
📌World Trade Center Bucharest £15 thousand
UnderDefense advises that it is better to check yourself before a breach happens and take proactive measures than to pay fines.
The chart below shows how much companies paid after suffering a breach in the USA in 2019. According to the IBM and Ponemon study, the health and financial industries were the most frequently breached and had the greatest difficulty retaining customers after experiencing noncompliance.
Source: IBM and the Ponemon Institute’s annual “Cost of a Data Breach” report
Coming back to SHIELD, a business that is already regulated by and compliant with another framework (e.g., HIPAA, NY DFS Reg 500, the Gramm-Leach-Bliley Act) is not required to further notify affected New York residents. However, it still has to alert the New York Attorney General, the New York State Department of State Division of Consumer Protection, and the New York State Division of the State Police. We are here to help you out if it gets too complicated.
New York state takes proactive measures to show the importance of privacy and data security.
Whether or not an organization does business in New York, it must comply with the SHIELD Act if it holds private information of a New York State resident.
To avoid being fined and losing clients’ trust, UnderDefense recommends reviewing your data breach prevention and response activities, building robust data protection programs, and investing in written information security programs (WISPs).
Get the Help You Need
Cybersecurity is our core expertise. Let’s get in touch and you will learn more about how UnderDefense can benefit your organization.