New York passes the SHIELD Act: law aims to strengthen data security and consumer privacy protections

The New York State legislature has passed The Stop Hacks and Improve Electronic Data Security (SHIELD) Act, related to enhanced protections against data breaches and identity theft.

According to the New York State Attorney General’s office, the bill:

• Expands the scope of information subject to the current data breach notification law to include biometric information, email addresses, and corresponding passwords or security questions and answers; • Broadens the definition of a data breach to include unauthorized “access” to private information from the current “acquired” standard;
• Applies the notification requirement to any person or entity with private information of a New York resident, not just to those that conduct business in New York State;
• Updates the notification procedures companies and state entities must follow when there has been a breach of private information; and
• Creates reasonable data security requirements tailored to the size of a business.

The SHIELD act now goes to Governor Cuomo for his review.

The full text of the bill can be found here.