What You Need to Know About the NY State SHIELD Act
The NY State SHIELD Act is a data security law that requires safeguards for private information. Here are some of the top things to know about it and what it means for you and your business, provided by tca SynerTech. tca SynerTech offers customized IT services and solutions for organizations throughout Michiana.
When is it in effect?
The SHIELD Act went into effect on March 21, 2020. All businesses must comply as of this date.
What does the SHIELD Act do?
This act requires all people and businesses that operate or are licensed in computer data, including the private information of those residing in New York, to have safeguards in place to properly protect the confidentiality, integrity, and security of the data.
The SHIELD Act does not extend to health information, which is governed by separate laws: the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). Because these acts are already in place, the SHIELD Act does not cover health information.
What is private information?
Private information is defined as personal information that can be used to identify a person, such as a name, address, Social Security number, etc. Computerized identifiers such as email addresses, passwords, account numbers, and user names are also in this private information category. The term ‘private information’ does not extend to publicly available information from state, local, and federal governments.
Other examples of ‘private information’ included in the SHIELD Act are credit and debit card information, access codes, driver’s license and identification card numbers, fingerprints, iris and retina images, and voiceprints.
The definition of ‘private information’ in the SHIELD Act is a bit broader than the definition in the previous law that was in effect. This new definition includes the spectrum of biometric information and online account credentials.
How do my business and I comply with the SHIELD Act?
Companies that implement a security program with technical, physical, and administrative safeguards for the data they collect will be deemed to comply. This can include getting a service provider to oversee data, assess any network and software risks, and regularly test key controls on data procedures. Small businesses only need compliance measures that are reasonable for the size and complexity of a small business.
A small business is defined as a person or business that has fewer than 50 employees and less than $3,000,000 in gross annual revenue in the last three years or less than $5,000,000 in year-end total assets. If this definition fits you and your business, you are classified as a small business by the NY State SHIELD Act.
What happens if I am in violation?
The Attorney General can enforce the NY State SHIELD Act, and businesses can be held liable for civil penalties of up to $5,000 for each violation. The act does not authorize a private right of action.
Learn more about tca SynerTech by visiting their website at tcasynertech.com.