According to the New York State Attorney General’s office, the bill:
• Expands the scope of information subject to the current data breach notification law to include biometric information, email addresses, and corresponding passwords or security questions and answers; • Broadens the definition of a data breach to include unauthorized “access” to private information from the current “acquired” standard;The SHIELD act now goes to Governor Cuomo for his review.
• Applies the notification requirement to any person or entity with private information of a New York resident, not just to those that conduct business in New York State;
• Updates the notification procedures companies and state entities must follow when there has been a breach of private information; and
• Creates reasonable data security requirements tailored to the size of a business.
The full text of the bill can be found here.