The New York SHIELD Act was signed into law in July and will go into effect beginning October 23, 2019. Here's what you need to know to make sure your business is on top of the new requirements.
Data Breach Notification Expansion – Effective October 23, 2019
Effective October 23, 2019, any unauthorized access to data held by an organization will mandate either a data breach notification to impacted individuals or a formal letter indicating why a breach notice is not needed. Previously, the only entities required to report data breaches were NYS or federally regulated entities like financial services or healthcare companies. SHIELD broadens the requirements for breach reporting to “anyone owning or licensing PII of a NY resident”. If you have even 1 employee who lives in New York State, this applies to you!
Data Security Protections – Effective March 21, 2020
Effective March 21, 2020, your company must have in place a formal data security program that meets the “reasonable safeguards” standard as defined in the Act.
Implementing “reasonable safeguards” can be a big undertaking; however, the hardship of meeting the conditions of the SHIELD Act is alleviated to some extent for a small business.
A small business is defined as having any of the following:
- fewer than 50 employees
- less than $3m in gross annual revenue
- less than $5m in year-end total assets
What Does This Mean for Your Business?
This Act presents a major shift of responsibility and liability onto your business.
All businesses that hold any private information of NYS residents need to be aware of these new regulations.
How Can LMT Help?
LMT’s Cybersecurity offerings include Risk Assessments, vCISO services, and Security Awareness Training that can assist you with complying with the SHIELD Act regulations. If you would like more information, please contact us at 585-784-7470.