New York AG Announces SHIELD Act to Protect New Yorkers From Data Breaches

New York Attorney General Eric T. Schneiderman has introduced a new measure to “close major gaps” in the state’s “weak and outdated” data security laws.

The Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) would impose a legal responsibility for businesses to adopt “reasonable” administrative, technical and physical safeguards for sensitive data. The measure would apply to any company that has sensitive data of New York residents, without regard for whether a company conducts business in the state.

“Small” businesses would be required to implement reasonable safeguards commensurate with their “size and complexity.”

The SHIELD Act would expand the types of data that trigger reporting requirements in the event of a data breach, including usernames, password combinations and biometric data. It would also expand data breach reporting requirements beyond “acquisition,” to include incidents when hackers gain “access” to private information.

The Act would also provide a safe harbor for compliant regulated entities that obtain independent certification of compliance. The bill provides companies with a strong incentive to go beyond the bare minimum, and obtain independent certification that their data security measures meet the highest standards.

Violations of the measure would permit the Attorney General to bring suit and seek civil penalties.

Learn more about the SHIELD Act, here.

Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.

ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35thFloor, New York, NY 10005 | (212) 756-8777.

Richard B. Newman

To Learn More About This Topic or if You Have Questions, Contact an Experienced FTC Compliance and Defense Lawyer