Protecting Consumer Privacy and Imposing Duties on Businesses: New York’s “Shield” Act
In July 2019, New York State enacted the Stop Hacks and Improve Electronic Data Security Act, also known as the “SHIELD Act.” The provisions of the Act that apply to data breach notice requirements go into effect in October 2019, and the provisions mandating reasonable security requirements go into effect in 2020. The panel will discuss how the SHIELD Act has changed New York State privacy and security law, its impact on businesses that don’t do business in New York State, and how it intersects with other laws like the New York Department of Financial Services Regulations and HIPAA. The speakers will also examine different efforts to create a standard for “reasonable cybersecurity,” including the approaches taken by the SHIELD Act, the 20 controls set out in the California Attorney General’s 2016 Data Breach Report, and the recent guidance issued by NIST.
The Scope of the SHIELD Act
Enforcement and potential penalties
Different views on what is required for “reasonable” cybersecurity
Mark A. Berman, Esq. | Ganfer Shore Leeds & Zauderer LLP
Ron Hedges, Esq. | Dentons US LLP
Gail Gottehrer, Esq. | Law Office of Gail Gottehrer LLC