How The NY State SHIELD Act Impacts Your Business

If you have a business in New York, have staff in New York, have customers in New York, or your business operations are in New York, you need to know about the Stop Hacks And Improve Electronic Data Security (SHIELD) Act.

If your business fits into any of the areas outlined above, the SHIELD Act impacts your business. With more than 19 million people calling the state of New York “home”, the chances that the SHIELD Act impacts your business is pretty high.

What Is the New York State SHIELD Act?

The SHIELD Act is one of New York’s ways of protecting the personal information of more than 19 million private residents in digital format. In response to several major data leaks, the state of New York presents the SHIELD Act with one primary focus – protecting the digital information of consumers in New York with clear guidelines and requirements for data security.

With employees or operations in New York that include customers or clients, the SHIELD Act outlines steps your business will need to take for cyber security to safeguard sensitive personal information to prevent this data from becoming exposed and risking identity theft or worse for the millions of people in New York.

What Does the SHIELD Act Mean for My Data?

You need to be aware of the SHIELD Act because it changes what “exposure” means for your business as it relates to your data security. Before the SHIELD Act, data breaches were when unauthorized users were able to acquire data, but the SHIELD Act has redefined “exposure” to include unauthorized users accessing data – a major distinction.

Thanks to the SHIELD Act, if a business determines that their data includes that of individuals who are residents of New York and this data has become compromised, these consumers must be notified and credit reporting agencies must offer identity theft protection services to those impacted.

What Does the SHIELD Act Do To Help Protect Information?

The SHIELD Act protects the sensitive personal information of the residents of New York, including:

  • Full legal names
  • Social Security and Driver’s license numbers
  • Credit and debit card numbers
  • Financial account numbers or information
  • Biometric information
  • Account user names or email addresses

The SHIELD Act applies to any person or business who accesses, stores, shares, or uses any of this information in a computerized or digital format.

How Can Your Business Comply with the SHIELD Act?

The SHIELD Act classifies businesses into two categories – Small and Large Businesses, with the following factors:

Small Businesses

  • Less than 50 employees
  • Less than $3 million annual revenue in each of the past three fiscal years

The SHIELD Act recognizes the cost burden that data security and technology can put on a small business if required to meet the same compliance levels as large businesses. To resolve this, the SHIELD Act maintains that small businesses are required to take administrative technical and physical steps to protect electronic data, and outlines unique attributes of small businesses based on:

  • The size and complexity of your business
  • The nature and scope of your industry
  • The sensitivity of the data you store

Large Businesses

  • More than 50 employees
  • Greater than $3 million in gross annual revenue

Steps all businesses must take to comply with the SHIELD Act focus on data security:

  • Maintain a secure technology ecosystem, including IT systems and network
  • Maintain limits on users who can access this sensitive information
  • Train your staff on security protocols and best practices