New York’s SHIELD Act
October 8, 2019
March 31, 2020
New York’s governor Andrew Cuomo has signed off on the Stop Hacks and Improve Electronic Data Security (SHIELD) Act.
This requires businesses to maintain reasonable safeguards for people’s personal information. The definition of a reasonable safeguard scales with the size of the business. The actual requirements are as follows.
A business must implement a data security program which includes: one or more employees coordinating the program, reasonable technical safeguards, and reasonable physical safeguards.
Reasonable technical safeguards must address: networks, software, data, attacks on systems, system failures, and regular testing of system effectiveness.
On the other hand, reasonable physical safeguards include: information storage and disposal, detecting and preventing intrusions, and protecting against unauthorized access of data at rest or in transit.
It also expands the situations which require a notification following a data breach. Now breaches which involve the access of private information require a notification. Previously, a notification was only required if the data was downloaded.
On the bright side, any organization that is HIPAA compliant will automatically be compliant with the SHIELD Act. The requirements for the SHIELD Act are different, but HIPAA has been shown to have adequate protections for consumer data.
Additionally, organizations that are covered by the Gramm-Leach-Bliley Act and the New York Department of Financial Services Cybersecurity Rule will not have to change their data protection approach.
The regulation will come into effect on March 21st, 2020. Organizations must prepare themselves by using an adequate data protection solution.
There is a world of options out there for data protection, but many solutions fall short. They say they protect data but actually only address a small part of it. Some claim that they protect data but merely provide visibility for it.
Your organization deserves the best solution for a modern problem. At SecureCircle, we created the first opt-out data protection solution to keep people’s data safe.
Our method is simple. Sensitive data will be protected by default with encryption. Only users within a Circle, or group of users, will be able to access the files. All it takes is a one-time download of our client to get set up.
Other solutions require the user to decide which files need encryption (opt-in), whereas we are opt-out. This method has proven to be very effective when implemented in the right area. Studies have shown that people are more likely to not take action when given a choice, so we make the choice for them.
If your business will be impacted by the new SHIELD Act and you want to learn more, visit the rest of our site: www.securecircle.com