Lewis Offers Guidance on SHIELD Act

July 15, 2019 | Privacy, Data & Cyber Law

In a Newsday article entitled, “Safe data always key, new law or no,” Shari Claire Lewis discusses the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, which was passed by the State Legislature and awaits Gov. Andrew Cuomo’s signature. The law require businesses to implement data security safeguards.

“Data’s one of the highest valued assets a business has in the 21st century,” Lewis says. “They have to protect it as they would any other business asset.”

NYS had laws governing data breach notification, but the new statute would expand them and cover any business handling the private information of state residents whether or not the business is located here, Lewis says.

It also spells out the safeguards companies should take to protect data from being hacked, which wasn’t the case in the past unless the business was part of a “regulated industry” such as financing or health care, she says. Specifically, it lays out reasonable administrative, technical and physical safeguards companies should follow.

This can be helpful, she says, considering companies often don’t know where to begin to “provide necessary cybersecurity in proportion” to their business risk. Still, they will likely feel the burden of compliance costs to implement safeguards.

Related News


Get legal updates and news delivered to your inbox