Digital4nx Group, Ltd.

  • About Us
    • Who We Serve
    • Close
  • Digital Litigation Support Services
    • Digital Forensic Investigations
    • Electronic Discovery Hosting, Consulting, and Advisory
    • Early Case Assessment
    • Expert Witness Testimony
    • Close
  • Cyber Security Services
    • Advanced Ethical Hacking
    • Vulnerability Assessment
    • Post-Breach Incident Response
    • Cyber Awareness Training
    • Cyber Risk and Compliance Assessment
    • CISO-As-A-Service
    • Close
  • News and Case Studies
  • Events
  • Contact Us
    • Subscribe to Newsletter
    • Close
You are here: Home / Announcement / New York Passes a Law that Further Expands Cyber Protection

New York Passes a Law that Further Expands Cyber Protection

July 10, 2019 by Rob Kleeger

 

 

 

 

 

The New York State Legislature recently passed a bill that aims to protect New York residents, regardless of the location of the business. The law, known as the  Stop Hacks and Improve Electronic Data Security (SHIELD) Act is designed to address unauthorized access of data. The bill expands the definition of “Breach of the security of the system” by adding the wording “access to” data. The original regulation contemplated the acquisition of data.

The SHIELD Act expands the notification requirements, and it also expands the time limits that a person has to seek remedies for damage caused by a breach event. The law also raises the penalties previously defined in general business law.

The bill is highly reminiscent of the NYS DFS regulation (23 NYCRR Part 500), including all the risk-based requirements of that bill to apply to businesses that conduct business with New York residents.  If enacted, the bill would add New York to the minority of states in which unauthorized “access” to data systems is sufficient to constitute a breach, regardless of whether any private information is actually “acquired” (or “exfiltrated”). This distinction could be especially significant in the ransomware context in which private information may not be stolen but nonetheless may be accessed in a way that would now constitute a data breach and may trigger notification obligations.

The legislation:
  • widens the definition of “private information” to include biometric data, a username or email address, and a password, or security questions and answers that would permit access to an online account;
  • expands the definition of “data breach” to include unauthorized access to private information on a data system, even if such private information is not stolen;
  • extends the breach notification requirement to include any person or entity that owns or licenses computerized data that includes private information, even in the absence of a New York business enterprise;
  • updates the notification procedures following a data breach; and
  • enacts “reasonable” data security safeguard requirements, including the designation of cybersecurity personnel, sufficient data protection controls, and employee training on cybersecurity practices and procedures.

Failure to comply would result in fines of $5,000 per violation, or $20 per notification failure (up from $10), for a total of up to $250,000 (up from $150,000).

The bill is now pending the signature of Governor Andrew Cuomo.

Filed Under: Announcement, Educational, Press Release Tagged With: Cyber Security, NY, SHIELD Act

Digital Litigation Support Service

  • DLSS – Digital Litigation Support Services
  • Digital Forensic Investigations
  • Electronic Discovery Hosting, Consulting, and Advisory
  • Early Case Assessment
  • Expert Witness Testimony

Cyber Security Services

  • Cyber Security Services
  • Advanced Ethical Hacking
  • Vulnerability Assessment
  • Post-Breach Incident Response
  • Cyber Awareness Training
  • Cyber Risk and Compliance Assessment
  • CISO-As-A-Service

Case Studies

  • When The Hack of a Business Partner is Just as Bad as the Compromise of Your Own Systems.
  • The Threat From Within – Theft of IP
  • Digital4nx Group recognized and honored by Enterprise Security

Contact Us

Digital4nx Group, Ltd.
8 S. Main St - Unit 70,
Marlboro Township, NJ 07746
info@digital4nxgroup.com
732-786-4062

Subscribe to Newsletter
© 2019 Digital4nx Group, Ltd. | All Rights Reserved. Sitemap · Privacy Policy