New York Shield Act Will Impose Noteworthy New Data Security & Breach Notification Requirements on Companies That Handle Data of New York Residents

The aspect of the SHIELD Act that has received the greatest attention—and for good reason—pertains to the new data security requirements that have been imposed under the law. Under the SHIELD Act, any individual or entity that processes the personal data of New York residents must “develop, implement, and maintain reasonable safeguards to protect the security, confidentiality, and integrity of the private information, including, but not limited to, disposal of data.” Importantly, the law provides that a business will be deemed in compliance with the requirement to implement reasonable data security measures if it maintains a data security program that incorporates a detailed series of administrative, technical, and physical controls that are set forth in the law. In addition, businesses that are in compliance with the data security mandates of laws such as the GLBA, HIPAA, and HITECH are also deemed to be in compliance with the SHIELD Act’s reasonable security requirement.

Source: https://www.jdsupra.com/legalnews/new-york-shield-act-will-impose-28732/