Does the SHIELD Act Cover Your Business and Are You Ready?
As we have previously written, the privacy and security requirements of the New York Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) are effective as of March 21, 2020. The SHIELD Act implements broad new data security requirements for all businesses that have the private information of New York residents, and reaches beyond New York’s own borders to compel companies – including companies that do not do business in New York – to take affirmative steps to protect the personal and private information of New York residents that the company may be collecting or storing. Initially, the SHIELD Act expands the definition of “private information” that must be safeguarded to include any information that can be used to identify a person, in combination with a social security number, a driver’s license number, a financial account number, or biometric information. Separate and apart from these “data elements,” the definition of “private information” also now includes “a user name or e-mail address in combination with a password or security question and answer that would permit access to an online account.” Second, the SHIELD Act applies to any company that possesses the private information of even a single New York resident – even if the company does not conduct business in New York. All companies must...