THE SHIELD ACT

In July, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act),

From the legislative history: "New York's current data breach notification law needs to be updated to keep pace with individuals' use and dissemination of private information. New York also needs to join the increasing number of states that require reasonable data security protections, without imposing duplicate obligations on those already subject to other federal or New York State data security regulations and without imposing excessive costs on small business. This bill expands the scope of information subject to the current data breach notification law to include biometric information, and email addresses and their corresponding passwords or security questions and answers. It broadens the definition of a data breach to include unauthorized access to private information. It applies the notification requirement to any person or entity with private information of a New York resident, not just to those that conduct business in New York State. It also updates the notification procedures companies and state entities must follow when there has been a breach of private information. It also creates reasonable data security requirements tailored to the size of a business."