How Does the New York SHIELD Act Affect the Privacy of Our Private Data?
Somewhat understandably, the current coronavirus pandemic means that not that many people are thinking about data security at the moment. Nevertheless, the virus will be defeated (hopefully) soon, and we'll need to get back to our normal lives. That's why, despite the lockdown, on March 21, New York's SHIELD Act officially came into effect. Let's see how it might impact the cybersecurity world.
What is the SHIELD Act?
SHIELD stands for Stop Hacks and Improve ELectronic Data security, and it was signed back in July 2019. It was passed by New York State, but it's important to note that it affects all organizations that process the personal information of New Yorkers. Described as an extension to the existing data breach notification law, it has had some of its provisions in effect for the last few months, but it wasn't until late March that the last ones became official.
The goal is to ensure that companies do more to protect consumers' personal data, and it must be said that it's not the first act of this type. The European Union's GDPR (or General Data Protection Regulation) was implemented in May 2018, and a month later, California signed its own California Consumer Privacy Act (CCPA). Legal experts say that the changes SHIELD introduces are similar to what the EU and The Golden State have.
How will the SHIELD Act change the way companies handle our data?
According to law and privacy blog AdLawAccess.com, you can separate SHIELD's provisions into three categories.
Companies should first think about implementing administrative initiatives, which include designating one or more employees who will be in charge of the company's security program, organizing training sessions so that the staff is better prepared to safely process data, keeping up with the current cybersecurity trends, and assessing the risks they pose.
From a technical standpoint, companies need to assess and try to mitigate the risks associated with their network infrastructure and the software products they use. They are also advised to think about the design of their data processing mechanisms as well as the incident response plan in case the worst happens.
Last but not least, organizations need to implement some physical safeguards, which include mechanisms that detect and prevent unauthorized access and ensure the safe disposal of private data.
The new act also makes some changes to the requirements for companies that have suffered cybersecurity incidents, and it expands a few of the definitions cemented by current laws. The act mandates that the extent of the changes organizations need to make depends on the size of their business.
Will SHIELD actually work?
Businesses are likely to take notice of the new law. New York is an important economic area, and there will be few organizations that would like to stop doing business in it. Some will inevitably find it impossible to comply with the new rules and will probably decide to pull out of the state, but the majority will try to improve their defenses and implement better security practices not just for their New York-based users, but for everybody. Surely, this must be good news. Will it solve all our problems, though?
There are people who question the validity of laws like GDPR, CCPA, and SHIELD, and they're not completely right. The new acts have given users easier access to information on how their data is handled, and they have also forced companies to reinforce their protection mechanisms. Those who failed have faced some pretty hefty fines.
Unfortunately, none of this has stopped the endless stream of data breaches and leaks. In fact, companies continue to make silly mistakes, and the results are sometimes pretty devastating. So, no, SHIELD isn't a panacea. It will hopefully make companies build more robust security strategies, but it won't make them immune from cybersecurity incidents. Businesses should also realize this, and they should see what additional measures they can take to keep their users safe. The sooner they do it, the better.