THE NEW YORK SHIELD ACT​ CYBERSECURITY REGULATION

You have in your computer systems what’s called PII (personal identifiable information) and also NPI (non-public information)​ Don’t think you’re NOT in danger because you’re “small” and not a big target like a Target or Home Depot?​

Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses.​

Personally identifiable information (PII), or Sensitive Personal Information (SPI), as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.​

PII can be exploited by criminals to stalk or steal the identity of a person, or to aid in the planning of criminal acts.

The New York State Shield Act

The New York “Stop Hacks and Improve Electronic Data Security Act” (SHIELD ACT), requires all businesses that collect private information on New York residents to implement reasonable cybersecurity safeguards by March 21, 2020 to protect that information.​

In order to meet the March 2020 deadline, companies should take necessary steps to ensure that they are in compliance with the SHIELD Act, which significantly expands New York State’s breach notification law.​

Who does this law affect? Everyone

Any person or Business that owns or licenses computerized data which includes private information on New York Residents.

How is personal information defined in the SHIELD Act?

• Name​
• Phone Number​
• SS Number​
• Driver’s License​
• Credit Card Number​
• Security Codes​
• Expiration Dates​
• Account Number​
• Access Codes​
• Username and Passwords​
• Answers to security questions​
• Financial Account​
• Biometric Information​
• Fingerprints, Voice Prints, Retina or Iris Images

What are you doing to comply with the SHIELD Act?

The misconception that your current IT Guy/Company is capable of handling cybersecurity regulations is incorrect.​

A very different company is required with the proper skillsets and experts on the subject with years of experience, not someone that’s “Trying to figure it out”

The penalties for a breach and the failure to properly notify affected individuals can come with a steep price tag. Fines are a civil penalty of either $5,000 or $20 per violation with a maximum of $250,000.

To meet the requirements of this law you should:

Adopt a companywide Cybersecurity Program​

Appoint a Chief Information Security Officer​

Hire a third-party vendor to insure you have appropriate cybersecurity internal controls​

How Motiva can protect private information and assess technical safeguards?

Onboard and conduct periodic cybersecurity trainings for employees

If you’d like to see how your organization stacks up, get your free Cyber Security Risk Assessment.