New York State Governor Andrew Cuomo has signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act to amend the state’s breach notification law and to add mandates for organizations to adopt information security programs to safeguard electronic data of state residents. New York will join a growing number of states revamping their breach notification and data security laws by broadening the scope of protected information and requiring organizations handling sensitive consumer information to implement reasonable security controls.
CynergisTek is pleased to provide the second in our occasional series of articles on important topics that will impact organizations long-range planning and strategic approaches to managing information assurance.
The SHIELD Act updates and expands New York’s laws for breach notification requirements and the types of information that is protected from unauthorized disclosure. Beginning in October 2019, New York’s breach notification requirements will apply to any organization that controls or processes information of a resident, not just those that conduct business in New York State. Separately, all breaches of protected health information reported to the Office for Civil Rights must also be reported to the New York Attorney General.
Executive Advisor, David Holtzman shares in-depth resources and valuable information when it comes to the new SHIELD Act.