Another Day, Another Data Security Law: The NY SHIELD Act

Fox Rothschild LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Fox Rothschild LLPNew York passed a cybersecurity and data breach law, effective October 23, and it expands many cybersecurity requirements to not only businesses operating in New York, but also those operating outside of the state. The SHIELD Act, as it is called, expands the scope of the current law by requiring covered entities to adopt a comprehensive data protection program and comply with additional data breach notification requirements.

The SHIELD Act expands the definition of private information to include biometric information and bank account or credit/debit card numbers, regardless of whether a password or security code is associated. Additionally, private information also now includes a username or email address in combination with a password or security question that would allow someone to access an online account.

The compliance requirements have also been expanded. If a business is not defined as “small”, it must designate and train employees to be responsible for compliance; require any third-party providers be capable of maintaining cybersecurity practices, with this requirement in the contract; perform risk assessments and monitor the effectiveness of the cybersecurity program; have safeguards in place to respond to attacks or failures; have processes for the disposal of private information; and update the cybersecurity program.

Obviously, franchisors and franchisees operating in New York must review the components of the SHIELD Act to ensure compliance. Moreover, employers who are not located in New York may still be required to comply with the SHIELD Act if they solicit or accept applications from a New York resident, if private information is part of this process. This is one area in particular where the Act could impact a non-New York franchisor. Many franchisors accept franchise applications from across the country, including from residents of New York. Although the franchisor may not be defined as an employer, it is a good practice for franchisors to review their cybersecurity systems to ensure compliance with the New York SHIELD Act. Moreover, any franchisees operating in this state must review the components to ensure they are following it.

Cybersecurity issues and data privacy laws are only going to become more complex, and the cost of compliance will likely increase. At the same time, this is a small price compared to the possible issues should there be a breach.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Fox Rothschild LLP

Written by:

Fox Rothschild LLP
Fox Rothschild LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide