Keeping You Up-To-Date With Information About Sage 100
New York SHIELD Act: New Cybersecurity Compliance – What You Need to Know
By: Net at Work Team
Starting on March 21, 2020, New York State will be enacting the SHIELD Act (Stop Hacks and Improve Electronic Data Security), which expands New York State’s data breach notification law and imposes stricter data security requirements on businesses that hold the private information of New York State residents. This affects you regardless of whether your business has a physical presence in NY State.
What to Know About the SHIELD Act
The SHIELD Act will impose specific cybersecurity requirements on businesses. The Act says that, in order to achieve compliance, businesses that own or license computerized data that includes “private information” of New York State residents must implement a “data security program” that includes the following safeguards:
Designation of one or more employees to set up the security program
Identification of probable foreseeable external and insider risks
Appraisal of existing safeguards, workforce cybersecurity training, and selection of service providers experienced in maintaining appropriate safeguards and requiring those safeguards by contract
Risk assessments of IT network, information processing and software design, transmission and storage; enforcement of measures to detect, avert and respond to system failures; and regular testing and monitoring of the effectiveness of key controls
Evaluate risks of information storage and disposal
Identify, prevent and respond to intrusions
Protect against unauthorized access to or use of private information during or after the collection, transportation and disposal of the information
Properly discard private information within an appropriate amount of time after it is no longer needed for business purposes
Penalties for Non-Compliance
The Act increases the potential civil penalties for breach notification law violations to up to $20 per instance of failed notification (capped at $250,000), and imposes new civil penalties (up to $5,000 per violation, with no cap) for certain failures to comply with the data security program requirements. As of the middle of 2019, the Attorney General’s office has fined over $600M related to data breaches.
Next Steps to Achieve Compliance
Organize and implement a data security program that is compliant with the SHIELD Act’s requirements.
Appoint or hire a specialist to oversee the data security program.
Conduct regular data privacy and security training for all new and current employees.
Assess and alleviate data security threats caused by employees and other insiders.
Ensure that records containing the private information of New York State employees and candidates are promptly destroyed in a secure manner after the applicable retention period ends.
Net at Work can help establish and maintain a Cybersecurity Program that complies with the SHIELD Act requirements. Contact us today to ensure your business is SHIELD Act-compliant.