SHIELD Act Strengthens Data Breach Policies in NY
The Stop Hacks and Improve Electronic Data Security Act, or SHIELD Act, was recently passed by the New York legislature. It updates the state’s breach notification laws and broadens the definition of what constitutes a "breach".
The bill, recently passed by the New York Legislature, would dramatically change the state's way of handling data breaches and would provide consumers with more transparency while imposing strict penalties on companies for suffering cyber attacks. States across the country have adopted or are actively seeking to adopt consumer privacy legislation.
SHIELD was first proposed by former Attorney General Eric Schneiderman in 2017 and is co-sponsore by Todd Kaminsky, NY State Senator, shortly after the massive Equifax data breach that affected close to 150 million consumers. SHIELD has undergone many revisions, but the bill:
- expands the legal definition of what counts as data (including biometric data, email addresses, passwords and security questions)
- expands what counts as a data breach (including unauthorized viewing and copying)
- requires companies to implement more measures to protect consumer data, expands the current breach notification requirement and mandates that any person or enterprise affected by the breach be notified.
The New York Privacy Act, another recently introduced bill, seeks to go beyond what the California Consumer Privacy outlines by giving residents unprecedented options for consumers to take control over their data.