New York is about to change the game for businesses as it implements the Stop Hacks and Improve Electronic Data Security Act, or more commonly referred to as the SHIELD Act.
The new reforms will mean that New York State data standards get a dramatic upgrade with the attorney general’s office being provided with a whole new set of data security enforcement privileges.
The impact of the SHIELD Act will affect businesses that collect data from New York residents, bringing a new level of scrutiny for companies that handle personal information. Coming into effect on March 21st, beyond data breaches, the attorney general will be able to investigate companies where whistleblower complaints about data collection and handling have been made. This means that businesses who have had no data breaches will now be liable under the Act, and could face civil penalties if they are deemed to be inadequately handling data.
This follows the implementation of CCPA in California, and adds a layer of compliance for businesses that are not necessarily dealing with data theft or breaches, but are considered to have improper data handling processes.
One of the ways in which businesses can create more transparency about their data handling and data processes is through auditing, and data destruction. For many businesses, this can prove effective in demonstrating clear processes, where audit reports can be provided to law enforcement agencies and the state.
The new SHIELD Act is likely to be the first of many data laws that are enforced in the coming months as data collection and the handling of personal information face further regulation in the U.S. and internationally.
Is your business auditing its data handling processes for more transparency?