By: Linda L. Goodman
After a short review period after being passed by the legislature, the Governor of New York signed the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) into law yesterday. The SHIELD Act broadens the scope of information covered by the notification law to now include biometric information, email addresses with their corresponding passwords or security questions and answers and credit card numbers.
This law also requires businesses that hold information for any New York residents to abide by the notification requirements even if the company doesn’t conduct business in the state of New York. Additionally, the law expands the notification obligation to include situations where there’s been unauthorized access to data not just data that is believed to have been acquired without permission.
The law requires businesses to institute reasonable administrative, technical and physical safeguards to protect the security, confidentiality, and integrity of private information. Companies are to have a designated employee overseeing the security program, identify foreseeable risks and checking up on how well the safeguards are working.
The SHIELD Act will be effective on March 22, 2020, which is 240 days after being signed by the Governor.
Along with the SHIELD Act, the Governor signed the Identity Theft Prevention and Mitigation Services Act. This law requires credit reporting agencies that suffer a data breach involving consumer social security numbers to provide the consumers with five years of identity theft prevention and mitigation services. The law also gives the consumers the right to freeze their credit at no cost. This new law was in response to the Equifax data breach in 2017.
The Identity Theft Prevention and Mitigation Services Act will be effective on September 23, 2019, which is 60 days after being signed by the Governor.
Separately, on the same day, Governor Cuomo signed S.3582 , which requires credit reporting agencies (“CRA”) that experienced a data breach involving Social Security numbers to provide five-year identity theft prevention services, and, if applicable, identity theft mitigation services to affected consumers. This law also will require CRAs to inform consumers about credit freezes and provide them the right to freeze their credit at no cost. This bill takes effect September 23, 2019, and will apply to breaches that occurred no more than three years prior to that date.
It is clear with the passage of these two new laws in New York, that security data and consumer information is a hot topic in 2019.
______________________________________________________________________
This article is a publication of The Goodman Law Firm and is intended to provide information on recent legal developments. This article does not create an attorney-client relationship, nor should it be construed as legal advice or an opinion on specific situations. This may constitute “Attorney Advertising” under the Rules of Professional Conduct and under the law of other jurisdictions.
Linda L. Goodman is the founder of The Goodman Law Firm, concentrating its practice in internet business and law. Her firm’s clients include Advertisers, Affiliates, Affiliate Networks, and ISP’s.
© 2019 TGLF, A.P.C.