On July 25, 2019, Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (the SHIELD Act) into law. The law applies to any person or business, wherever it is located, that owns or licenses computerized data containing the private information of New York residents. A clear understanding of the key components of the New York SHIELD Act will ease regulatory compliance for manufacturers and other businesses.
In summary, SHIELD expands data breach notification requirements and mandates that organizations create or update a data security program. To meet these requirements, manufacturers must address risk, review vendor compliance, and ensure proper notification in the event data becomes compromised.
The expanded breach notification requirements of New York's SHIELD Act took effect on October 23, 2019. To comply, organizations must understand how the law broadens the definitions of both "private information" and "data breach." Private information now includes biometric data, account or card numbers that can be used to access a financial account even without a security code, and a username or email address combined with a password or security question and answer. A breach now covers unauthorized access to private information, not only its unauthorized acquisition.
In the event of a breach, organizations must notify the affected New York residents in the most expedient time possible and without unreasonable delay. They must also notify the New York State Attorney General, the Department of State and the Division of State Police, and, if more than 5,000 New York residents are notified at one time, the consumer reporting agencies as well.
Organizations have until March 21, 2020 to comply with the SHIELD Act's data security program requirements. The law requires organizations to implement reasonable administrative, technical and physical safeguards. The statute lists examples of each category, including the following:
Administrative safeguards: designating one or more employees to coordinate the security program, identifying reasonably foreseeable internal and external risks, assessing whether existing safeguards control those risks, training employees in the program's practices, selecting service providers capable of maintaining appropriate safeguards and requiring those safeguards by contract, and adjusting the program as the business changes.
Technical safeguards: assessing risks in network and software design and in how information is processed, transmitted and stored; detecting, preventing and responding to attacks or system failures; and regularly testing and monitoring the effectiveness of key controls, systems and procedures.
Physical safeguards: assessing risks in information storage and disposal, detecting and responding to intrusions, protecting private information against unauthorized access during collection, transport and disposal, and disposing of private information within a reasonable time after it is no longer needed, by erasing electronic media so that it cannot be read or reconstructed.
These requirements can seem overwhelming for small manufacturers. However, the law does make a concession for small businesses: their safeguards need only be appropriate to the size and complexity of the business, the nature and scope of its activities, and the sensitivity of the information it collects. New York's SHIELD Act defines a small business as one with fewer than 50 employees, less than $3 million in gross annual revenue in each of the last three fiscal years, or less than $5 million in year-end total assets.
In addition to implementing their own security programs, organizations must also assess the risk introduced by third parties. For instance, many organizations outsource some storage and processing of private information to vendors. In that case, they must review and update vendor contracts to require that vendors maintain appropriate safeguards for that information.
Although addressing the SHIELD Act requires an investment of time and budget, the penalties for non-compliance can prove even more costly. The Attorney General enforces the law; there is no private right of action. Failures to notify can result in civil penalties of up to $20 per instance of failed notification, capped at $250,000. Violations of the data security program requirements can cost up to $5,000 per violation, with no cap.
The consultants at eMazzanti can help you build a comprehensive cyber-security program to ensure regulatory compliance. With deep experience in manufacturing data security and information governance, we will guide you through the maze of the New York SHIELD law. From risk assessment to security controls and data retention policies, we have you covered.