On June 17, the New York State Assembly passed the Stop Hacks and Improve Electronic Data Security Act, commonly referred to as the SHIELD Act which will be enforced by the New York Attorney General. This SHIELD Act should not be confused with Marvel’s Strategic Homeland Intervention Enforcement and Logistics Division also called S.H.I.E.L.D. The SHIELD Act is awaiting the governor’s signature to become law.
The SHIELD Act is New York’s latest data security law and is rather broad-sweeping following in the footsteps of other states’ data security laws requiring that any business which owns or licenses private information (PI) of a New York resident “shall develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of the private information including, but not limited to, disposal of the data.” In addition, the SHIELD Act provides a safe harbor for businesses that adopt certain specified safeguards including, for example, implementation of “reasonable administrative safeguards,” “reasonable technical safeguards,” and “reasonable physical safeguards.”
The SHIELD Act goes into effect on the ninetieth day after becoming a law save for the reasonable security requirement which is effective two hundred and forty days after becoming a law.
Please look for our forthcoming publications providing more details on the SHIELD Act and how it stacks up compared to other states’ recent data security laws.