The SHIELD is Now Up: New Legislation To Protect New Yorkers Against Data Security Breaches



Press Announcement

Governor Cuomo Signs Legislation Protecting New Yorkers Against Data Security Breaches

Governor Andrew M. Cuomo today [July 25, 2019] signed legislation to protect New Yorkers against security breaches. The Governor signed the Stop Hacks and Improve Electronic Data Security – or SHIELD – Act (S.5575B/A.5635), which imposes stronger obligations on businesses handling private data to provide proper notification to affected consumers when there is a security breach. The Governor also signed legislation (A.2374/S.3582) requiring consumer credit reporting agencies to offer identity theft prevention and mitigation services to consumers who have been affected by a security breach of the agency’s system.

“As technology seeps into practically every aspect of our daily lives, it is increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure,” Governor Cuomo said. “The stark reality is security breaches are becoming more frequent and with this legislation, New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data.”

Attorney General Letitia James said, “The SHIELD Act is now the law of the land and provides better protections for consumers’ private information. New Yorkers deserve the peace of mind that companies will be held accountable for securing their information. We thank Governor Cuomo and the bill’s co-sponsors, Senator Thomas and Assembly Member DenDekker, for their advocacy and support for this important piece of legislation.”

In late July 2017, one of the three main credit reporting agencies, Equifax Inc., experienced a major data breach involving personal information, including social security numbers. The magnitude of this breach is still unknown, but the company’s response was insufficient and it is unacceptable that consumers were left to bear the burden to protect their own identities even though their information was stolen at no fault of their own. On July 22, 2019, Governor Cuomo, the State Department of Financial Services and State Attorney General James announced a $19.2 million settlement with Equifax over the data breach. As part of that settlement, Equifax agreed to provide New York consumers with credit monitoring services and free annual credit reports, and the company will pay restitution to consumers affected by the breach.

SHIELD Act (S.5575B/A.5635)

New York’s data breach notification law is outdated and does not keep pace with current technology. A growing number of states already require reasonable data security protections without imposing duplicate obligations on those already subject to other federal or New York State data security regulations and without imposing excessive costs on small business.

This legislation imposes stronger obligations on businesses handling private data of customers, regarding security and proper notification of breaches by:

  • Broadening the scope of information covered under the notification law to include biometric information and email addresses with their corresponding passwords or security questions and answers;
  • Updating the notification requirements and procedures that companies and state entities must follow when there has been a breach of private information;
  • Extending the notification requirement to any person or entity with private information of a New York resident, not just those who conduct business in New York State;
  • Expanding the definition of a data breach to include unauthorized access to private information; and
  • Creating reasonable data security requirements tailored to the size of a business.

This bill will take effect 240 days after becoming law.

Senator Kevin Thomas, Chairman of the Committee on Consumer Protection, said, “It is critical that our laws keep pace with the rapidly changing world of technology. The SHIELD Act raises security standards so that no more New Yorkers are needlessly victimized by data breaches and cyber-attacks. I want to thank the Governor for his leadership as we work to modernize our laws and protect the personal data of all New Yorkers.”

Assembly Member Michael DenDekker, Chair, Committee on Consumer Affairs and Protection, said, “I applaud Governor Cuomo for signing the SHIELD Act into law. I was proud to partner with the Attorney General’s Office, the Senate and the Governor’s Office to introduce this legislation that will help protect consumers’ personal information and hold those entrusted with sensitive private data to certain standards with regard to its proper storage and protection. The bill also outlines if a breach of information occurs, that proper notifications must be made in a timely manner.”

Identity Theft Prevention and Mitigation Services (A.2374/S.3582)

This legislation establishes the minimal amount of long-term protections for consumers who are affected by a data breach from a credit reporting agency. It requires a credit reporting agency that suffers a breach of information containing consumer social security numbers to provide five-year identity theft prevention services, and if applicable, identity theft mitigation services to affected customers. Additionally, the legislation requires credit reporting agencies to inform consumers on credit freezes of a breach of data involving a social security number, and provides consumers with the right to freeze their credit at no cost.

The bill will take effect 60 days after becoming law, and applies to any breach of the security of a consumer credit reporting agency that occurred no more than three years prior to the effective date of this act.

Senator Leroy Comrie said, “From the initial Equifax hack to the company’s inadequate response, it is clear that New York State needed to be doing much more to protect consumers from data thieves. In the ever-evolving world of emerging technology, it is imperative that safeguards are in place to prevent personal information like social security numbers and banking information from so easily ending up in the hands of hackers. I was proud to advance legislation that will require credit reporting agencies provide lifetime identity theft protection and risk mitigation services in the event that confidential consumer data is breached. I thank Governor Cuomo for signing this bill into law to help protect New Yorkers.”

Assembly Member Jeffrey Dinowitz said, “I applaud Governor Cuomo for signing our legislation into law. The vast majority of consumers have had their personal information violated due to a data breach at some point in their lifetime. One of the worst breaches on record occurred in 2017 when one of the major credit reporting agencies in the country was breached and millions of consumers’ social security numbers and other sensitive information was stolen. This legislation will ensure that impacted individuals receive appropriate credit monitoring and identity theft mitigation services when a credit reporting agency loses their social security number. Credit reporting agencies should be held to the highest standard as they play such a vital role protecting our data. This vital consumer legislation is an important step in holding these entities accountable when they fail to protect our information from bad actors.”

Read the complete release at Governor Cuomo Signs Legislation Protecting New Yorkers Against Data Security Breaches

Source: ComplexDiscovery