NEW YORK (TIP): The Senate Democratic Majority June 5 passed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). This bill, S.5575-A, sponsored by Indian American Senator Kevin Thomas, Chair of the Consumer Protection Committee, will return control of personal data back to New Yorkers and require businesses to put customers’ privacy over profits. Specifically, the SHIELD Act will broaden the definition of a data breach, expand the scope of information subject to current data breach notification laws, and empower the Attorney General to bring action over privacy violations.
Bill Sponsor, Senator Kevin Thomas said, “It is critical that our laws keep pace with the rapidly changing world of technology. The SHIELD Act raises security standards so that no more New Yorkers are needlessly victimized by data breaches and cyber-attacks. This legislation serves as a collaborative approach to privacy and consumer protection that will set the standard for New York and the rest of the nation.”
The SHIELD Act, S.5575-A, will:
- Expands the scope of information subject to the current data breach notification law to include biometric information, email addresses and their corresponding passwords or security questions and answers, and protected health information as defined under HIPAA.
- Broadens the definition of a data breach to include unauthorized access to private information. It applies the notification requirement to any person or entity with the private information of a New York resident, not just to those that conduct business in New York State.
- Updates the notification procedures companies and state entities must follow when there has been a breach of private information.
- Creates reasonable data security requirements tailored to the size of a business and provides protection from liability for certain entities that take steps to verify their safeguarding of private information.