Copeland News Alert: The NYS Shield Act 2020

Is your company SHIELD ready?

New York State is getting serious about cybersecurity. Their most recent action that was signed into law on July 25, 2019, is the New York State Stop Hacks and Improve Electronic Data Security Act or the SHIELD Act. Before the security requirements go into effect on March 21st, we want to make sure that your company is SHIELD ready.

Here are the key items about the SHIELD Act that we think you should know:

    • The SHIELD Act is an amendment to the NYS Breach Notification Law It places cybersecurity requirements on everyone in New York who owns or licenses Personally Identifiable Information (PII) of NY residents) — now, companies don’t just have to report breaches, they have to use “reasonable safeguards” to protect PII.
    • Being “in compliance with” HIPAA/HITECH, GLBA, or NYS DFS cybersecurity regulations allows you to establish that you have met the reasonable security requirement.

    Businesses also have to develop, implement, and maintain safeguards:

      • Administrative Safeguards including, but not limited to, vendor risk management and security program maintenance
      • Technical Safeguards like incident detection, prevention, and response
      • Physical safeguards that include disposing, or wiping, electronic media within a reasonable amount of time and intrusion detection, prevention and response

      There’s good news for small businesses (businesses with less than 50 employees or less than $3 million in revenue assets) get a reasonable and appropriate to the size and complexity of the business clause. While this isn’t an exemption, it does seem intended to allow flexibility in how smaller organizations implement cybersecurity.

      Interested in downloading the SHIELD Act in its entirety? Click here!

      Luckily, there is still plenty of time before March 21st to get your company’s ducks in a row. If you have any questions about the SHIELD Act, let us know! We will make sure that you get the answers you need. In the meantime, you can watch Eric’s full conversation with David Newell from Loptr for more information about the SHIELD Act.


      Posted on February 24, 2020. Categorized as .

Related Insights

Why Should I Use a Password Manager?

March 11, 2019

We repeatedly stress the importance of strong passwords that are unique to every website, but with dozens (or hundreds) of complex passwords it becomes challenging to remember them. This is where a… Read more

How to Develop A Cybersecurity Plan For Your Company [checklist included]

July 17, 2018

Cybersecurity is for every company. Cybersecurity isn’t reserved for major corporations that collect huge sets of credit data and personal information.  Every company that relies on the internet must be aware of… Read more

How To Spot a Phishing Email [2020 Update with Slideshow]

April 2, 2018

[Updated January 7, 2020] Once again, 2020 will be an even more eventful year for cyber attacks.  It’s too late now to think that only major corporations or government institutions have a… Read more

Request More Info

Get in touch and determine where managed IT services fits with your business.
Request More Info Mini

Stay Up to Date

Get valuable technology and security insights sent directly to your inbox.
Mailing List Sign Up