New York Cybersecurity Shield Act: Impacts More Than Just New York - Are You Ready?

This spring, New York’s cybersecurity landscape shifts dramatically as certain provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) take effect.  The SHIELD Act, 2019 N.Y. Ch. 117, which was signed into law by Governor Cuomo on July 25, 2019, modifies existing data breach law to expand the definition of “Private Information” and imposes new substantive cybersecurity requirements.

Among other provisions, it requires companies by March 21, 2020, to adopt cybersecurity programs reminiscent of the Written Information Security Program required under Massachusetts law for entities that own or license the personal information of Massachusetts residents.  Additionally, with the SHIELD Act’s coverage extending to biometric data, New York joins the handful of states that have acted in this area (the others being Illinois, Texas and Washington).

This post provides an overview of the cybersecurity requirements of the SHIELD Act in light of its looming compliance deadline, excluding modifications to the New York breach statute that have already taken effect.  It also discusses the NY Department of Financial Services Cybersecurity Regulation to the extent it relates to the SHIELD Act.

As the privacy landscape gets more complex with upcoming deadlines under the SHIELD Act, organizations covered should ensure their current practices comply with what is required and represent industry best practices.  Our team is prepared to assist every step of the way. MORE