Impact of the New York SHIELD Act on Businesses

no image

The Impact of the New York SHIELD Act on Businesses

The New York SHIELD Act Requires More Extensive Cybersecurity Protocols and Expanded Data Breach Reporting for Businesses That Store or Use Information Belonging to New York Residents… 
The New York SHIELD (Stop Hacks and Improve Electronic Data Security) Act has a far-reaching impact as it applies to all businesses that store or use information belonging to residents of the state. This means businesses outside of the state are also required to comply with the new law, as long as they collect information belonging to residents of the state. What does this mean for businesses? Well, at a high level: 

  • They must implement a data security program that incorporates employee training, risk assessments, and incident response planning and testing. 
  • They must alert any affected individuals in the event of intentional or unintentional information disclosure without reasonable delay. 

All employers, organizations or individuals, regardless of their location, must comply if they’re collecting information belonging to residents of the state. The law goes into effect on March 21, 2020. 

Let’s Take a Closer Look at the Extensive Cybersecurity Policies and Procedures Required of Businesses…

The SHIELD Act requires businesses to adopt extensive cybersecurity policies and procedures designed to protect the confidentiality and security of resident information in three ways: 
Administrative safeguards

  • Designate an employee or a team to coordinate the cybersecurity program
  • Perform an assessment of internal and external risks to data
  • Implement sufficient safeguards to control the risks identified in the assessment
  • Train employees on the latest threats and best practices
  • Vet vendors and contractually obligate them to meet cybersecurity standards

Technical safeguards

  • Identify risks in regards to network, software, and information storage processes
  • Deploy a solution that detects and responds to attacks or failures of any sort
  • Test and monitor the controls and/or procedures in place to prevent attacks 

Physical safeguards 

  • Assess risks relating to information storage and/or disposal
  • Implement a solution to detect, prevent, and respond to intrusions
  • Protect against unauthorized access of information at rest or in transit 
  • Dispose of information within a reasonable amount of time after it’s not needed

How Should Businesses Respond to a Data Breach in the Event of Information Disclosure?

The SHIELD Act also expands existing data breach notification laws. In the existing laws, a “breach” refers to the unauthorized access of information – not only the unauthorized acquisition of information. If a data breach involves information belonging to more than 500 residents of the state, the company must submit all required documentation to the state’s attorney general within 10 days. The state’s attorney general will decide whether or not to impose fines according to the SHIELD Act. 
Those Doing Business with Residents of New York Will Certainly Feel the Impact of the New York SHIELD Act. Let’s Make Sure You’re Prepared for the MASSIVE Changes Coming March 21, 2020. Call (716) 206-3200. 
Why get in touch with Buffalo Computer Help? Simple: We’ve been helping businesses throughout Western New York stay safe against cybercrime since 2014. We’ve seen the impact of data breaches and how devastating they can be – and we’ve also prevented many businesses from ever experiencing a data breach. Why not get in touch with us ahead of time so you’re not reaching out trying to recover from the aftermath? 

Subscribe to the Globalquest Blog

Latest Blogs


We’re ready to help you see how the right IT solutions can transform your business.

We’re ready to help you see how the right IT solutions can transform your business. Contact Globalquest today to learn more about what we can do to help you pursue your goals.

Call us at (716) 601-3524 or send an email to

Book your complimentary consultation today

GlobalQuest will never sell or rent your contact information. Your info is secure with us.