If your business collects private information from a New York State resident, be aware of a recently effective New York law that requires companies to strengthen their data security programs and significantly expands a company's potential liability. When cybersecurity risks are at an all-time high as hackers seize on the COVID-19 pandemic to launch more attacks, it is advisable to take a closer look at how your business is protecting personal data.

As of March 21, 2020, the New York "Stop Hacks and Improve Electronic Data Security Act" ("SHIELD Act") specifically requires any person or business collecting private information of a New York resident to develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of that private information, including but not limited to, disposal of the data.