New York AG Announces SHIELD Act to Protect New Yorkers From Data Breaches

New York Attorney General Eric T. Schneiderman has introduced a new measure to “close major gaps” in the state’s “weak and outdated” data security laws.

The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) would impose a legal responsibility for businesses to adopt “reasonable” administrative, technical and physical safeguards for sensitive data. The measure would apply to any company that has sensitive data of New York residents, without regard for whether a company conducts business in the state.

“Small” businesses would be required to implement reasonable safeguards commensurate with their “size and complexity.”

The SHIELD Act would expand the types of data that trigger reporting requirements in the event of a data breach, including usernames, password combinations and biometric data. It would also expand data breach reporting requirements beyond “acquisition,” to include incidents when hackers gain “access” to private information.

The Act would also provide a safe harbor for compliant regulated entities that obtain independent certification of compliance. The bill provides companies with a strong incentive to go beyond the bare minimum, and obtain independent certification that their data security measures meet the highest standards.

Violations of the measure would permit the Attorney General to bring suit and seek civil penalties.

Learn more about the SHIELD Act, here.

Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.

ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35thFloor, New York, NY 10005 | (212) 756-8777.

Richard B. Newman

Richard B. Newman is a nationally recognized FTC advertising compliance, CID investigation and regulatory enforcemetn attorney. He regularly provides advertising counsel and represents clients in high-profile investigations and enforcement proceedings initiated by the Federal Trade Commission, state attorneys general, departments of consumer affairs, and other federal and state agencies with jurisdiction over advertising and marketing practices. Richard is also an ecommerce lawyer and spam defense attorney. His practice additionally focuses upon false advertising defense, data privacy, cybersquatting, intellectual property law and transactional matters relating to the dissemination of national advertising campaigns, including the gamut of affiliate marketing, telemarketing, lead generation, list management and licensing agreements. Richard advises clients on how to minimize the legal risks associated with digital marketing, email marketing, telemarketing, social media influencer campaigns, endorsements and testimonials, negative option marketing models, native advertising, online promotions and comparative advertising,

To Learn More About This Topic or if You Have Questions, Contact an Experienced FTC Compliance and Defense Lawyer