Skip to main content

NY SHIELD Act

logo

Summary

Stop Hacks and Improve Electronic Data Security Act (SHIELD ACT) was developed in July of 2019. This Act amends New York's existing data breach notification law by expanding the definition of "Private Information" and by adding "Data Breach Security Protections." It has additional cybersecurity safeguards and new reporting requirements in the event of a breach.

Definitions

DefinitionRequirements
5575_B_2. Personal and private information
095. Define users with privileges
156. Source code without sensitive information
176. Restrict system objects
185. Encrypt sensitive information
228. Authenticate using standard protocols
229. Request access credentials
231. Implement a biometric verification component
300. Mask sensitive data
5575_B_4. Personal and private information
123. Restrict the reading of emails
227. Display access notification
318. Notify third parties of changes
5575_B_6. Personal and private information
024. Transfer information using session objects
033. Restrict administrative access
046. Manage the integrity of critical files
062. Define standard configurations
154. Eliminate backdoors
177. Avoid caching and temporary files
181. Transmit data using secure protocols
183. Delete sensitive data securely
185. Encrypt sensitive information
189. Specify the purpose of data collection
249. Locate access points
252. Configure key encryption
253. Restrict network access
255. Allow access only to the necessary ports
262. Verify third-party components
330. Verify Subresource Integrity
free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.