Learn How The New York SHIELD Act Can Affect Your Organization


New York SHIELD Act: Where Do I Begin?

David Holtzman

New York State Governor Andrew Cuomo has signed into law the Stop Hacks and Improve Electronic Data Security (SHIELD) Act to amend the state’s breach notification law and to add mandates for organizations to adopt information security programs to safeguard electronic data of state residents. New York will join a growing number of states revamping their breach notification and data security laws by broadening the scope of protected information and requiring organizations handling sensitive consumer information to implement reasonable security controls.

CynergisTek is pleased to provide the second in our occasional series of articles on important topics that will impact organizations' long-range planning and strategic approaches to managing information assurance.

The SHIELD Act updates and expands New York’s laws for breach notification requirements and the types of information that are protected from unauthorized disclosure. Beginning in October 2019, New York’s breach notification requirements will apply to any organization that controls or processes information of a resident, not just those that conduct business in New York State. Separately, all breaches of protected health information reported to the Office for Civil Rights must also be reported to the New York Attorney General.

Executive Advisor David Holtzman shares in-depth resources and valuable information about the new SHIELD Act.

About the Author

David Holtzman

David Holtzman is an executive advisor for CynergisTek. He is considered a subject matter expert in health information privacy policy and compliance issues involving the HIPAA Privacy, Security and Breach Notification Rules. Prior to CynergisTek, Holtzman served on the health information privacy team at the Department of Health & Human Services, Office for Civil Rights (OCR/HHS), where he led many OCR initiatives including the effort to integrate the administration and enforcement of the HIPAA Security Rule and health information technology policies. David has nearly two decades of experience in developing, implementing and evaluating health information privacy and security compliance programs from both government and private sector organizations. He is a member of the HHS “CISA 405-d Workgroup”, the Joint Cybersecurity Working Group of the Healthcare Sector Coordinating Council and Co-Chair of the Privacy and Security Workgroup for North Carolina Healthcare Information & Communications Alliance (NCHICA).
