The act was signed into law by the governor in July 2019. The new data security requirements came into effect on March 21, 2020, with little attention amid a global epidemic. But the security requirements of the New York SHIELD Act have a drastic impact, especially in their reach to non-New York businesses that hold New York resident data.
Does the SHIELD Act apply to your organization?
The jurisdiction of the SHIELD Act is wide-ranging, as it applies to all corporations holding New York resident data. This means it covers not only New York corporations but any business or person that owns or licenses computerized data that includes private information of a New York resident. The former version of SHIELD was limited to firms that do business in New York.
How can the act impact your company?
The impact of the New York SHIELD Act is twofold. First, your organization must disclose data breaches, which the act defines to include unauthorized access as well as acquisition, and report to New York regulators when a breach occurs. Second, your organization needs to implement safeguards to protect the confidentiality, security and integrity of private information.
While the SHIELD Act doesn't mandate exact requirements, it lists practices that constitute reasonable technical, administrative and physical safeguards. For each category of safeguard, the SHIELD Act suggests actions an organization should consider implementing.
Administrative Safeguards:
- Assigning one or more personnel to manage the corporation's security program.
- Identifying reasonably foreseeable external and internal risks.
- Training and supervising personnel on the security program.
- Choosing providers that can maintain appropriate safeguards.
- Updating the security program in the event of business changes or new circumstances.
Technical Safeguards:
- Assessing risks in software and network design, as well as in information processing, transmission and storage.
- Identifying, preventing and responding to attacks or system malfunctions.
Physical Safeguards:
- Assessing the risk of information storage and disposal.
- Detecting, preventing and quickly responding to intrusions.
- Safeguarding against unauthorized access to or use of private data.
- Disposing of private information within a reasonable time period once it is no longer required.
Though these lists are not prescriptive, the SHIELD Act provides that any business that meets those benchmarks is considered to be in compliance with the requirement to implement and maintain reasonable safeguards.
CompCiti helps organizations comply with the New York SHIELD Act. Along with administrative, technical and proactive measures, CompCiti provides a set of steps to ensure proper compliance and risk management.
Disclaimer: This content is created and provided by a third-party online content writer on behalf of CompCiti. CompCiti does not take any responsibility for the accuracy of this Content.