As we begin a new year, organizations should continue to be prepared to address challenges arising from the ongoing proliferation of cybersecurity threats that wreak havoc on businesses and customers. In response to an increase in cybersecurity incidents, a number of state and federal laws have been passed, including New York State’s recently enacted “The Stop Hacks and Improve Electronic Data Security Act,” commonly referred to as the “SHIELD Act”.
The SHIELD Act’s provisions are not effective until March 21st of this year. This means, organizations still have time to review their existing practices and cybersecurity policies to minimize exposure to data breaches and to ensure compliance with applicable laws, including the SHIELD Act.
This communication is intended to summarize the material provisions of the SHIELD Act (and other relevant cybersecurity laws that may impact you) and to assist you in determining whether you need to comply with the new law. We have also proposed certain best practices that can be implemented to minimize the likelihood of a cybersecurity incident and to ensure compliance with relevant cybersecurity laws.
What is the SHIELD Act?
The SHIELD Act imposes requirements that are aimed to reduce the likelihood of data breaches by requiring certain individuals, businesses and organizations to adopt preventative cybersecurity programs.
Any individual, business or organization (including non-profit organizations) that owns or licenses computerized data which receive, collect, or maintain “private information” of New York residents must comply with the law. In practice, this means every employer in New York must comply with the SHIELD Act, as in all likelihood the employer will possess, at a minimum, “private information” relating to its employees.
New York State’s 2019 Budget, which was signed in to law this past April, includes legislation that requires every employer in New York State, within both the private sector and public sector, to establish a sexual harassment prevention policy and to provide employees with sexual harassment prevention training.
As detailed in our previous Special Alert, New York State’s Department of Labor and Division of Human Rights have issued a model sexual harassment prevention policy and model training program. Once finalized, those models will establish a minimum standard for all employers in New York State to follow or incorporate in to their own policy and training program.
While the Department of Labor and Division of Human Rights have not yet issued final requirements, employers can use the models to begin to prepare to comply with the sexual harassment prevention policy and training legislation.
- Accidents and Personal Injury
- Business and Corporate
- Business Formation
- Business Litigation
- Car Accidents
- Cemetery and Funeral Home Negligence
- Closely Held and Family Owned Businesses
- Criminal Defense Trials and Appeals
- Department of Labor Investigations & Negotations
- Diagnosis Error
- Emergency Room Error
- Employee Benefits
- Employment Litigation
- Estates, Wills, and Trusts
- Franchise Law
- Labor and Employment
- Matrimonial and Family Law
- Medical Devices
- Medical Malpractice
- Motor Vehicle Accidents
- New York State Sexual Harassment Prevention
- Nurse Error
- Professional Licensing Defense
- Scientific Research and Misconduct
- Sexual Abuse Victims
- Tax Law
- Tourist Accidents
- Workers' Compensation