At the beginning of the year, we talked about the New York SHIELD Act compliance and the steps companies had to take. In the shuffle of recent events, the compliance date has come and gone for many without the proper actions in place.
With the coupling of legal implications of non-compliance and the developing security vulnerabilities from the adaption of remote work, it’s important to take the time to evaluate if your organization is secure and SHIELD Act compliant. To help, we want to:
- Recap the SHIELD Act
- Share Action Items: What You Can Do
Recap of the New York SHIELD Act
To quickly recap the act, it’s New York State’s expansion on the previous data breach notification law, focusing on protecting personal data. In the era of data breaches and the abundance of personal information captured and stored by businesses, consumer privacy and data concerns have prompted multiple state and national regulations, including the ‘Stop Hacks and Improve Electronic Data Security Act’ (SHIELD Act).
Highlights of the act:
- Broadens the definition of “private information” – now includes biometric information, account number, username or email address and password
- Expands the definition of “breach”
- Expands the jurisdictional reach and enforcement risk
- Imposes data security requirements
Action Items: Achieving NYS SHIELD Act Compliance
Hey, we get it. It’s a weird time right now, having to adjust operations without missing a beat. While there’s a lot going on, from a different aspect, there’s now time to focus on priorities that get demoted on the to-do list in the typical day-to-day hustle.
There are a few action items that organizations can take in efforts to ensure compliance.
Put together a team. A requirement of the act is to assign one individual at the company to be responsible for and coordinate the program. Empower the individual to begin an open dialogue and start outlining what your organization needs.
Prep before you plan. It’s tough to build a house if you don’t know what materials and equipment you have – or need. The same applies to IT and security, it’s critical to understand the data you have and identify all security gaps. To get started, Brite recommends taking stock of your current environment and tools through an assessment. Luckily, we can help with our New York SHIELD Act Compliance Assessment.
IT and security are not one of those ‘set it and forget it’s kind of things. Each needs constant evaluation and evolution to stay up to date. Take advantage of new calendar openings and the New York SHIELD Act compliance deadline to jumpstart your security initiatives. If at any point in the process you get stuck, our managed service team is here to help!