November 2019 - Shield Act
What is the SHIELD Act and what does it mean for my small business? Does my business need to implement a data security program? Here are some basics to get you started:
The “SHIELD” in the New York SHIELD Security Act (Senate Bill S5575B) stands for “Stop Hacks and Improve Electronic Data.” The SHIELD Act is an expansion of the state’s existing data security law, general business law and data breach law.
Two types of businesses can satisfy the "reasonable safeguards" requirement other than by implementing a data security program as defined by the SHIELD Act:
- Small businesses—those with fewer than 50 employees or less than $3 million in gross annual revenue—need only ensure that their data security safeguards are appropriate for the size and complexity of the small business, the nature and scope of the small business's activities, and the sensitivity of the personal information the small business handles.
- Businesses, large or small, that are in compliance with other regulatory schemes requiring information security, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act Security Rule, or the New York State Department of Financial Services' Cybersecurity Requirements for Financial Services Companies, are deemed compliant with the SHIELD Act.
Businesses must be compliant with this mandate by March 21, 2020. Contact your TripleTrack Consultant for more details.