A Breakdown of the New York SHIELD Act

The New York SHIELD Act

The New York SHIELD (Stop Hacks and Improve Electronic Data Security) Act, which comes into effect on March 21, 2020, has a far-reaching impact as it applies to ALL businesses storing or access information belonging to residents of the state. You will be required to develop, implement, and maintain reasonable safeguards that protect the integrity, security, and confidentiality of this information. If you own, store or access information belonging to residents of the state and you meet the following criteria, this is vital for you to understand:

1. 50+ employees
2. $3,000,000+ in annual gross revenue averaged over the past 3 years OR
3. $5,000,000+ in year-end total assets

Even if you fall below these thresholds, you must still adopt the reasonable safeguards necessary based on your size and the sensitivity of the data you’re storing and accessing. Here are the safeguards:

Administrative Safeguards

• One or more employees should be designated to manage a data security program that identifies foreseeable internal and external risks.
• Safeguards should be assessed to control the risks identified above and training should be provided to all employees.
• Third-party vendors should be vetted to ensure they have adequate data security programs, as well as they’re required to by contract.
• Any new changes or circumstances that arise should be considered and worked into the data security program.

Technical Safeguards

• The network design and all configured software should be assessed for potential security risks.
• Information processing, storage, and transmission technologies and protocols should be assessed for potential security risks.
• Adequate detection, prevention, and response technologies and protocols should be implemented for attacks or system failures.
• All security and/or controls related to data privacy should be regularly tested and monitored to ensure effectiveness.

Physical Safeguards

• Data storage and disposal processes and procedures should be assessed to identify any security risks.
• Adequate detection, prevention, and response technologies and protocols should be implemented for intrusions.
• All processes relating to the collection, transmission, and disposal of sensitive information should be reviewed to protect against unauthorized access.
• All sensitive information should be disposed of in a reasonable amount of time after it’s no longer necessary for business purposes.

Need help complying with the SHIELD act? Call (631) 203-6403.

LI Tech Advisors is the top IT services company in Long Island, NY and surrounding areas.

Like this article? Keep reading…

How to Save Your Business from Drowning in Complex Technology

Best Practices for Creating & Protecting Your Passwords

How Can You Use Technology to Automate Your Finances?

Anthony Buonaspina, BSEE, BSCS,CPACC

Anthony has been in the MSP business since before the acronym existed. Managed IT once started as break-fix solutions and some light phone support.

Since then, he has seen the industry flourish into a landscape of platforms, cloud servers, software tools and AI . Tailoring network configurations and software stacks to the specific needs of each business.

In his current role, he focuses on proactive planning, ensuring clients can avoid potential issues altogether. This involves meticulous planning for enhanced business continuity, allowing swift resolution of any unforeseen challenges. What initially began as addressing "fires" through break-fix solutions has evolved into a proactive approach, ensuring that such issues are prevented from arising in the first place.