Data privacy regulations are quickly becoming par for the course in countries around the world, each one bringing new, nuanced responsibilities for companies to follow. While Europe’s expansive General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) have made most of the headlines, we are just months away from the latest privacy regulation, New York’s “Stop Hacks and Improve Electronic Data Security (SHIELD) Act.” Scheduled to take effect on March 21, 2020, the SHIELD Act will transform data privacy standards in New York, the US, and around the world. Keep reading to find out what the latest privacy regulation means for your organization and how you can best prepare for its implementation.

The Problem With Today’s Password Habits
The SHIELD Act was signed into law on July 25, 2019 by New York Governor Andrew Cuomo. The Act gave companies 240 days to comply with new data privacy and data security standards, which makes March 21st a critical milestone for companies. It includes several notable changes to data privacy standards:

New Definitions. The SHIELD Act expands the definition of “private information” to encompass biometric data and usernames/email addresses when paired with passwords or security questions. In addition, financial data, including account or payment card numbers, is classified as private information, even without security codes or passwords.

New Parameters. Not only does the law broaden the information that can comprise a data breach, but it also expands the definition of a “breach.” Notably, under the SHIELD Act, unauthorized data access that compromises personal privacy is considered a breach. Previously, bad actors had to steal customer data before a privacy incident qualified as a breach.

New People. These changes represent a seismic shift for one of the biggest business hubs in the world. However, they will have implications that reach well beyond the Big Apple. While New York’s previous data privacy laws only applied to companies operating in the state, the SHIELD Act applies to every company collecting and storing information of a New York resident.

New Consequences. For companies that fail to comply, the SHIELD Act empowers the New York Attorney General to exact up to $250,000 in fines and penalties, a $100,000 increase from previous legislation. According to PwC, the Attorney General has already assessed more than $600 million in fines leading up to the law’s passing, which means that companies should be prepared to comply or face significant financial penalties.

Taken together, the SHIELD Act’s changes continue the trend of governments taking steps to bolster data privacy standards at a time when data breaches continue to be pervasive and incredibly consequential. To be sure, the Act will force companies to up their game in this regard.

How Should You Respond?
The SHIELD Act is intended to increase companies’ responsibility when collecting and storing people’s private information. In that regard, every organization should take specific measures to address data security, including:

The SHIELD Act’s implementation is just months away, and compliance should be top-of-mind for every company interacting with New Yorkers’ personal data. However, rather than being overwhelmed by the task, turn to trusted professionals who can help you along the way. At inTech, we offer comprehensive employee awareness training that promotes compliance and data security. In addition, we can help automate and document compliance standards, setting up any organization for seamless adoption of the SHIELD Act’s standards.

Don’t wait until it’s too late to prepare. Contact us to learn more about how we can help you achieve compliance by the March 21st deadline.