Changing Data Breach Laws: The New York SHIELD Act
Earlier this year, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), amending New York State’s existing data breach notification law and creating new data security requirements for businesses collecting private information on New York residents.
Today, the breach notification provisions of that law went into effect.
Overview of the New York SHIELD Act:
The SHIELD Act (New York Senate Bill S5575B) amends the current data breach law in New York State, N.Y. Gen. Bus. Law § 899-aa.
Signed: Jul 25, 2019
Effective: Oct 23, 2019
Alignment with previously identified Radar regulatory trends:
Read the full text of the regulation here.
What does this mean for privacy professionals?
Under the new provision, a failure to report a breach under HIPAA could also lead to a failure to report to the New York Attorney General, compounding the risks and potential fines to the organization when privacy incident response is poorly managed. A violation of both HIPAA and the SHIELD Act could also potentially trigger civil penalties under both measures.
For more information about the impacts of this regulation, we recommend this article from the National Law Review.
Explore the regulatory trends:
- The Expanding Scope of Personal Information
- Increasingly Specific Notification Timelines
- Notification Requirements to State Attorneys General