Copeland News Alert: The NYS Shield Act 2020
Is your company SHIELD ready?
New York State is getting serious about cybersecurity. Their most recent action that was signed into law on July 25, 2019, is the New York State Stop Hacks and Improve Electronic Data Security Act or the SHIELD Act. Before the security requirements go into effect on March 21st, we want to make sure that your company is SHIELD ready.
Here are the key items about the SHIELD Act that we think you should know:
- The SHIELD Act is an amendment to the NYS Breach Notification Law It places cybersecurity requirements on everyone in New York who owns or licenses Personally Identifiable Information (PII) of NY residents) — now, companies don’t just have to report breaches, they have to use “reasonable safeguards” to protect PII.
- Being “in compliance with” HIPAA/HITECH, GLBA, or NYS DFS cybersecurity regulations allows you to establish that you have met the reasonable security requirement.
- Administrative Safeguards including, but not limited to, vendor risk management and security program maintenance
- Technical Safeguards like incident detection, prevention, and response
- Physical safeguards that include disposing, or wiping, electronic media within a reasonable amount of time and intrusion detection, prevention and response
Businesses also have to develop, implement, and maintain safeguards:
There’s good news for small businesses (businesses with less than 50 employees or less than $3 million in revenue assets) get a reasonable and appropriate to the size and complexity of the business clause. While this isn’t an exemption, it does seem intended to allow flexibility in how smaller organizations implement cybersecurity.
Interested in downloading the SHIELD Act in its entirety? Click here!
Luckily, there is still plenty of time before March 21st to get your company’s ducks in a row. If you have any questions about the SHIELD Act, let us know! We will make sure that you get the answers you need. In the meantime, you can watch Eric’s full conversation with David Newell from Loptr for more information about the SHIELD Act.
July 17, 2018
Cybersecurity is for every company. Cybersecurity isn’t reserved for major corporations that collect huge sets of credit data and personal information. Every company that relies on the internet must be aware of… Read more
April 2, 2018
[Updated January 7, 2020] Once again, 2020 will be an even more eventful year for cyber attacks. It’s too late now to think that only major corporations or government institutions have a… Read more