Skip to main content

NY SHIELD Act

logo

Summary

Stop Hacks and Improve Electronic Data Security Act (SHIELD ACT) was developed in July of 2019. This Act amends New York's existing data breach notification law by expanding the definition of "Private Information" and by adding "Data Breach Security Protections." It has additional cybersecurity safeguards and new reporting requirements in the event of a breach.

Definitions

DefinitionRequirements
5575_B_2. Personal and private information095. Define users with privileges
156. Source code without sensitive information
176. Restrict system objects
185. Encrypt sensitive information
228. Authenticate using standard protocols
229. Request access credentials
231. Implement a biometric verification component
300. Mask sensitive data
5575_B_4. Personal and private information123. Restrict the reading of emails
227. Display access notification
318. Notify third parties of changes
5575_B_6. Personal and private information024. Transfer information using session objects
033. Restrict administrative access
046. Manage the integrity of critical files
062. Define standard configurations
154. Eliminate backdoors
177. Avoid caching and temporary files
181. Transmit data using secure protocols
183. Delete sensitive data securely
185. Encrypt sensitive information
189. Specify the purpose of data collection
249. Locate access points
252. Configure key encryption
253. Restrict network access
255. Allow access only to the necessary ports
262. Verify third-party components
330. Verify Subresource Integrity