(Albany, NY) The Senate Democratic Majority today passed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act). This bill, S.5575-A, sponsored by Senator Kevin Thomas, Chair of the Consumer Protection Committee, will return control of personal data back to New Yorkers and require businesses to put customers’ privacy over profits. Specifically, the SHIELD Act will broaden the definition of a data breach, expand the scope of information subject to current data breach notification laws, and empower the Attorney General to bring action over privacyviolations.
“Technology is evolving at an ever increasing pace, and government needs to step up to protect New Yorkers’ privacy and personal data,” Senate Majority Leader Andrea Stewart-Cousins said. “Consumers deserve the peace of mind of knowing that their personal information isn’t being disseminated without their consent. The SHIELD Act will provide expanded protections for New Yorkers’ to safeguard private data as technology continues to progress. I applaud Attorney General Tish James for her work on this legislation, and Senator Thomas for holding a hearing on this important issue and advancing this bill to help make New York State a leader in securing private data.”
Bill Sponsor, Senator Kevin Thomas said, “It is critical that our laws keep pace with the rapidly changing world of technology. The SHIELD Act raises security standards so that no more New Yorkers are needlessly victimized by data breaches and cyber-attacks. This legislation serves as a collaborative approach to privacy and consumer protection that will set the standard for New York and the rest of the nation.”
Bill Co-Sponsor, Senator David Carlucci said, “Almost every day we hear about massive data breaches, compromising the personal and financial information of millions. Falling victim can be devastating. The SHIELD Act will force companies to finally get serious about data security and protect New Yorkers’ most sensitive information. Thank you to Senator Thomas for getting this bill over the finish line.”
The SHIELD Act, S.5575-A, will:
- Expands the scope of information subject to the current data breach notification law to include biometric information, email addresses and their corresponding passwords or security questions and answers, and protected health information as defined under HIPAA.
- Broadens the definition of a data breach to include unauthorized access to private information. It applies the notification requirement to any person or entity with the private information of a New York resident, not just to those that conduct business in New York State.
- Updates the notification procedures companies and state entities must follow when there has been a breach of private information.
- Creates reasonable data security requirements tailored to the size of a business and provides protection from liability for certain entities that take steps to verify their safeguarding of private information.