June 17, 2019
New York Attorney General Leticia James announced that a new cybersecurity law, called the SHIELD Act, passed the state legislature that boosts disclosure requirements and strengthens consumer protections in the case of a data breach.
The Stop Hacks and Improve Electronic Data Security Act broadens the definition of a data breach and puts additional responsibilities on companies that collect personal data, according to a release from the AG's office.
"Consumers deserve the peace of mind that their private information is secure," James said in the announcement. "That is why my office has been working hard this session to modernize outdated laws governing data breaches."
Under the newly passed bill, the definition of a breach includes information that an unauthorized person gains "access" to, and not just information that an unauthorized person "acquires."
The legislation also requires a company to comply if they have any information belonging to a New York resident, beyond just a company doing business in New York.
The bill also expands the scope of the data notification law to require disclosure of biometric information, passwords, email addresses and security questions.
The bill was sponsored by state Sen. Kevin Thomas and Assembly member Michael DenDekker. The bill now goes to Gov. Andrew Cuomo for his consideration.
Earlier this month, the state AG reached a $65,000 settlement with online socks retailer Bombas affecting 40,000 customers after the company failed to notify breach victims for several years.
Topics: Mobile Payments, Regulatory Issues, Security
Sponsored Links: