Home
Services
About UsInsightsContact Us
< Back to all posts

The NY SHIELD Act and Data Security

Compliance with the NY SHIELD Act requires enhanced data security policies. Learn from the IT superheroes at Tekie Geek.

What the NY SHIELD Act Means for Your Small Business

Consumer data is a valuable tool – you can get to know your customers better, save them time when they log into their accounts, and market products or services that are tailored to their interests. But when you collect consumers’ personal information, you have a responsibility to store and use it safely. Tekie Geek is a top provider of IT services for businesses in New York and New Jersey. Here, we explain how the NY Shield Act affects your data security policies and procedures.

An Overview of the NY SHIELD Act

New York State enacted the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) in 2019. The purpose of the NY SHIELD Act is to compel businesses to implement policies that safeguard the personal data of New Yorkers. The law imposes new data security requirements and updates the existing regulations for notifying customers and business partners when a data breach occurs. The NY SHIELD Act applies to any business that uses the private information of New York residents, not just companies that are based in NY.

Types of Protected Information Under the NY SHIELD Act

The NY SHIELD Act was created in response to a growing number of high-profile cyber attacks that exposed private consumer data. The law broadens the definition of what constitutes private information to include any type of personally identifiable information (PII) coupled with:

  • A social security number
  • A driver’s license number
  • A non-driver ID number

PII includes elements that directly identify a specific person, such as their name, telephone number, or email address.

Under the NY SHIELD Act, private information also encompasses:

  • Credit or debit card numbers, combined with any type of access code
  • Biometric information used to confirm an identity, such as a fingerprint, retina scan, or voice ID
  • A username combined with a password or security question that would grant account access

Compliance Requirements for Businesses

Recognizing that many industries now collect and store customer data, the NY SHIELD Act compels businesses to update their data security policies and procedures. Under the law, companies must:

  • Implement security measures: All businesses must have appropriate data security measures in place and ensure that any third-party vendor they work with also complies with the NY SHIELD Act.
  • Document their practices: They must have a written plan for protecting customer information from a data breach and audit their security systems regularly.
  • Train staff: Employees are required to receive training on the security program policies and procedures.
  • Notify customers: If a data breach happens, all customers must be notified as soon as possible.

The Office of the New York State Attorney General (OAG) maintains a data breach reporting portal that companies can use.

Reducing Your Security Risk

Often, small and medium-sized businesses don’t have the in-house IT expertise required to ensure robust compliance with privacy laws like the NY SHIELD Act. That’s where Tekie Geek comes in: we offer managed IT services to protect you against cybersecurity risks and implement proactive monitoring and threat detection.

As an IT consultant, we use a multi-pronged approach to reduce the likelihood of a data breach and can tailor our services to address existing gaps in your data security policies. Plus, using a managed service provider like Tekie Geek may mean you qualify for a reduced premium on your cyber insurance policy.

Learn More About Data Breach Protection

Tekie Geek is proud to serve clients throughout New York and New Jersey. We’ve built our reputation on state-of-the-art IT solutions that can be customized to your industry and business needs. In addition to managed IT, our computer consultants offer business continuity planning, cloud computing services, and other services. To get started with Tekie Geek, contact us today or call 347-830-7322. We are the IT superheroes.


References

https://ag.ny.gov/resources/organizations/data-breach-reporting/shield-act

https://ag.ny.gov/resources/organizations/data-breach-reporting

https://www.natlawreview.com/article/new-york-shield-act-faqs

https://www.shrm.org/resourcesandtools/legal-and-compliance/state-and-local-updates/pages/new-york-shield-act.aspx

Interested in Learning
More about Our Services?

Contact us to request a consultation.
Privacy Policy
© 2013-2024 | Tekie Geek | All Rights Reserved