It’s finally here… 2020 – the fresh start of a new year. For most of us, the start of a new year, and especially the start of a new decade, prompts us to step back and reflect on the past – looking at how we did, whether or not we managed to reach our goals, and resolving to do better in the coming days. For the average business owner, it’s a great time to do the same on a professional level. This year is especially important because cybercrime is evolving at a rapid rate, and unfortunately, we saw many local and national businesses fall victim to a range of threats, including ransomware, phishing attacks, and more.
If you haven’t made a resolution yet, complying with New York’s new data privacy law is a great place to start. On March 21, 2020, the NY SHIELD Act comes into effect – impacting businesses all over the world that use and store information belonging to residents of the state. This means that even businesses that aren’t local may be required to make significant changes to the way they store, access, and share sensitive information belonging to New York residents.
Governor Andrew Cuomo signed the SHIELD Act into law on July 15, 2019. Attorney General Letitia James noted when the bill was passed, “This bill is an important step forward, providing greater protection for consumers’ private information and holding companies accountable for securing that data.”
The SHIELD Act requires companies to better protect sensitive information belonging to residents of the state. Under the SHIELD Act, the definition of a breach has been expanded to include any sort of unauthorized access to digitized data that may compromise the integrity, security, and confidentiality of private information. In addition, the definition of private information has been expanded to include:
Lastly, the safeguards required to protect private information have been expanded as follows:
1. Administrative safeguards must include a designated employee or team to coordinate the cybersecurity program wherein:
2. Technical safeguards must be implemented to safeguard all private information against unauthorized access. Risks should be identified in the network, software, and information storage processes, then a solution must be deployed to detect and respond to attacks or failures of any sort.
3. Physical safeguards must be deployed, including solutions that protect against unauthorized access of information at rest or in transit, as well as solutions that ensure the disposal of information within a reasonable timeframe after it’s deemed no longer necessary.
As you’re preparing to be in compliance before March 21, 2020, don’t forget the breach notification amendments that came into effect on October 23, 2019. The SHIELD Act updates definitions already in place and expands the existing laws regarding breach notifications. Basically, any information exposed requires the business to notify all affected individuals via the following methods:
All breaches must be announced without unreasonable delay – meaning as soon as they’re noticed. If the breach impacts more than 500 residents, written determination of the breach must be provided to the state attorney general within 10 days. If the breach impacts more than 5,000 residents, the state attorney general will determine which consumer reporting agencies the breach must be reported to and request that you provide the timing, content, and distribution of the notices, as well as the number of affected individuals, to those agencies.
Globalquest Solutions is here to help you avoid the costly instance of a data breach. We know that a data breach has far-reaching consequences – resulting in a loss of customer trust, reputational damage, and of course, potential fines and penalties. We’ve been supporting the information technology requirements of businesses across the state since 2014. Get in touch with us as soon as possible.