A data breach puts everyone into a full-on frenzy. There are a million things to consider and take care of when you become the victim of a cyber incident. Making sure that your business stays up and running is going to be one of your main concerns. In the short term, that means getting your network restored. However, a key step in managing the aftermath of a data breach is communication. Clear messaging, both internal and external (clients and vendors), will allow you to minimize the negative impact of an attack.
To better protect businesses and to formalize communication with consumers, Governor Cuomo signed the so-called SHIELD Act into law. Effective October 23, 2019, the Stop Hacks and Improve Electronic Data Security Act (SHIELD) will require all organizations that maintain private information concerning New York state residents to comply with new reporting requirements following a data breach.
These requirements apply regardless of where your business is located.
The SHIELD Act will require you not only to determine what private information was breached, but also to consider the potential consequences of the breach for your customers. If you conclude that potential misuse of the breached data is likely to result in identity theft and/or financial harm, you will need to compose a written report of your findings. This written determination will need to be maintained for at least 5 years.
You will also need to notify all affected customers and give them a list with phone numbers and websites of relevant state and federal agencies that provide information on security breach response and identity theft prevention and protection.
In the unfortunate event that the incident involved over 500 New York state residents, your written determination will have to be submitted to the Attorney General as well.
Phase 2:
Where phase 1 of the SHIELD Act addresses proper handling of the aftermath of a breach, phase 2 is fully focused on safeguards and breach prevention. By March 2020, all organizations holding private information on NY residents will be required to have full-scale compliance and data protection programs in place.
What the SHIELD Act considers to be appropriate “reasonable safeguards” will depend on the size and nature of your business.
For more information or if you need help with SHIELD Act compliance call (845) 237-2117. Meeting Tree Computer has been providing managed IT services to the Hudson Valley for over 20 years.